Security Advisory

CVE-2024-4483

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-29 06:00:01

Last updated 2024-08-01 20:40:47

Assigner WPScan

State PUBLISHED

Description

The Email Encoder WordPress plugin before 2.2.2 does not escape the WP_Email_Encoder_Bundle_options[protection_text] parameter before outputting it back in an attribute in an admin page, leading to a Stored Cross-Site Scripting

← Browse all CVEs View on cve.org ↗