Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8
CVE-2025-1033
- EPSS 0.07%
- Veröffentlicht 15.05.2025 20:16:02
- Zuletzt bearbeitet 12.06.2025 16:36:24
The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...
6.1
CVE-2024-13828
- EPSS 0.06%
- Veröffentlicht 15.05.2025 20:15:40
- Zuletzt bearbeitet 10.06.2025 13:02:39
The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
1