The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
History
Tue, 18 Mar 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | cvssV3_1 | ssvc |

Status: PUBLISHED
Assigner: WPScan
Published: 2024-06-21T06:00:05.870Z
Updated: 2025-03-18T14:10:18.475Z
Reserved: 2024-05-15T19:58:15.145Z
Link: CVE-2024-4970

Updated: 2024-08-01T20:55:10.423Z

Status: Modified
Published: 2024-06-21T06:15:12.670
Modified: 2025-03-18T15:15:56.680
Link: CVE-2024-4970
