he Control horas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ch_registro' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
No configuration.
22 Nov 2024, 06:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Published : 2024-11-22 06:15
Updated : 2024-11-22 06:15
NVD link : CVE-2024-11381
Mitre link : CVE-2024-11381
CVE.ORG link : CVE-2024-11381
JSON object : View
No product.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')