Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8
CVE-2023-4725
- EPSS 0.08%
- Veröffentlicht 16.10.2023 20:15:16
- Zuletzt bearbeitet 23.04.2025 13:15:55
The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d...
5.4
CVE-2023-4646
- EPSS 0.11%
- Veröffentlicht 16.10.2023 20:15:15
- Zuletzt bearbeitet 23.04.2025 17:16:45
The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above t...
1