cve/CVE-2024-0852.md at edc21dfd23c1fd07dfa20d053e3b92d875e0ab18

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin

POC

Reference

https://wpscan.com/vulnerability/743c4d79-e1d5-4fb0-a17d-296df2c54e8a/

Github

https://github.com/20142995/nuclei-templates

846 B Raw Blame History

CVE-2024-0852

Description

POC

Reference

Github

846 B

Raw Blame History