Threat Entry Updated 2025-05-17

CVE-2024-7313 - Before 20 Plugin

The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

PLUGIN Before 20

CVE-2024-7313

MEDIUM CVSS 6.1 2024-08-26

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2023-6591 - Before 20 Plugin

The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

PLUGIN Before 20

CVE-2023-6591

MEDIUM CVSS 4.8 2024-02-12

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24930 - Before 20 Plugin

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue

PLUGIN Before 20

CVE-2021-24930

MEDIUM CVSS 5.4 2021-12-06

Risk Score

Open Full Technical Breakdown