📦

profile_box_shortcode_and_widget

Vendor: awplife

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 1 Total Indexed

Avg. EPSS 0.23% Exploit Prob.

Latest CVE CVE-2024-1401 Mar 19

Security Vulnerability Index

Page 1 / 1

4.8 CVSS

CVE-2024-1401

The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

EPSS: 0.23%

Severity: MEDIUM

Mar 19, 2024

Displaying 1 of 1 Total Entries

Total 1 Sections