CVE-2025-6236
- EPSS 0.03%
- Veröffentlicht 10.07.2025 06:15:22
- Zuletzt bearbeitet 11.07.2025 18:28:45
The Hostel WordPress plugin before 1.1.5.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (...
CVE-2025-6234
- EPSS 0.03%
- Veröffentlicht 10.07.2025 06:15:21
- Zuletzt bearbeitet 11.07.2025 18:29:08
The Hostel WordPress plugin before 1.1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2024-3753
- EPSS 1.46%
- Veröffentlicht 13.07.2024 06:15:02
- Zuletzt bearbeitet 13.05.2025 14:01:36
The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2023-0545
- EPSS 0.12%
- Veröffentlicht 05.06.2023 14:15:09
- Zuletzt bearbeitet 08.01.2025 17:15:10
The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (...
CVE-2019-12345
- EPSS 0.47%
- Veröffentlicht 27.05.2019 21:29:00
- Zuletzt bearbeitet 21.11.2024 04:22:37
XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress.