Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4
CVE-2024-13101
- EPSS 0.02%
- Veröffentlicht 31.01.2025 06:15:28
- Zuletzt bearbeitet 11.05.2025 23:56:46
The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to pe...
6.1
CVE-2024-13112
- EPSS 0.42%
- Veröffentlicht 31.01.2025 06:15:28
- Zuletzt bearbeitet 11.05.2025 23:59:07
The WP MediaTagger WordPress plugin through 4.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
1