CVE-2024-4473
- EPSS 0.4%
- Veröffentlicht 14.05.2024 16:17:35
- Zuletzt bearbeitet 20.02.2025 20:59:09
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-4036
- EPSS 0.32%
- Veröffentlicht 02.05.2024 17:15:34
- Zuletzt bearbeitet 20.02.2025 19:52:28
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2024-3208
- EPSS 0.22%
- Veröffentlicht 09.04.2024 19:15:40
- Zuletzt bearbeitet 24.02.2025 17:57:40
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied att...
CVE-2024-2936
- EPSS 0.17%
- Veröffentlicht 29.03.2024 06:15:08
- Zuletzt bearbeitet 13.02.2025 16:31:06
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. T...
CVE-2024-1447
- EPSS 0.17%
- Veröffentlicht 29.02.2024 01:43:50
- Zuletzt bearbeitet 13.02.2025 16:49:07
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied...