← Back

Profile Box Shortcode And Widget

profile_box_shortcode_and_widget

Vendor: Awplife • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-1401
1Awplife
1Profile Box Shortcode And Widget
May 5, 2025
Mar 19, 2024
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ev...Show more
The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less