Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5
CVE-2025-1452
- EPSS 0.07%
- Veröffentlicht 25.03.2025 06:00:14
- Zuletzt bearbeitet 06.05.2025 19:59:13
The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ...
5.4
CVE-2023-2304
- EPSS 1.13%
- Veröffentlicht 31.05.2023 05:15:10
- Zuletzt bearbeitet 06.05.2025 19:53:42
The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This ma...
1