CVE-2024-12769

LOW Year: 2024
CVSS v3 Score
3.5
Low
Weakness Type
CWE-79
View all →

Vulnerability Description

The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Related Vulnerabilities

CVE-2014-125110

LOW
CVSS:3.5(Low)

A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfu_ajax_action_callback of the file lib/...

CWE-792014

CVE-2014-125111

LOW
CVSS:3.5(Low)

A vulnerability was found in namithjawahar Wp-Insert up to 2.0.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. Th...

CWE-792014

CVE-2015-10131

LOW
CVSS:3.5(Low)

A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz...

CWE-792015

CVE-2015-10132

LOW
CVSS:3.5(Low)

A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulati...

CWE-792015

CVE-2017-20191

LOW
CVSS:3.5(Low)

A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. It has been classified as problematic. This affects the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFor...

CWE-792017

CVE-2018-25101

LOW
CVSS:3.5(Low)

A vulnerability, which was classified as problematic, has been found in l2c2technologies Koha up to 20180108. This issue affects some unknown processing of the file /cgi-bin/koha/opac-MARCdetail.pl. T...

CWE-792018