Lucene search
WPScanCVE-2024-3630HistoryMay 15, 2024 - 6:15 a.m.
CVE-2024-3630
2024-05-1506:15:12
WPScan
web.nvd.nist.gov
37
cross-site scripting
stored
high privilege user
settings sanitisation
nvd
cve-2024-3630
The HL Twitter WordPress plugin through 2014.1.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected configurations
Node
verweise-wordpress-twitter_projectverweise-wordpress-twitterRange≤2014.1.18wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| verweise-wordpress-twitter_project | verweise-wordpress-twitter | * | cpe:2.3:a:verweise-wordpress-twitter_project:verweise-wordpress-twitter:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "HL Twitter",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "2014.1.18"
}
],
"defaultStatus": "affected"
}
]Related
cvelist
cvelist
CVE-2024-3630 HL Twitter <= 2014.1.18 - Admin+ Stored XSS via Widget
2024-05-15 06:00:03
vulnrichment
vulnrichment
CVE-2024-3630 HL Twitter <= 2014.1.18 - Admin+ Stored XSS via Widget
2024-05-15 06:00:03
nvd
nvd
CVE-2024-3630
2024-05-15 06:15:12
wpexploit
wpexploit
HL Twitter <= 2014.1.18 - Admin+ Stored XSS via Widget
2024-04-24 00:00:00
wpvulndb
wpvulndb
HL Twitter <= 2014.1.18 - Admin+ Stored XSS via Widget
2024-04-24 00:00:00
wordfence
wordfence