No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-15268 | The Stylish Price List WordPress plugin before 7.1.8 does not sanitise and escape some of its settings, which could allow high privilege users of contributor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
Wed, 04 Jun 2025 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Stylishpricelist
Stylishpricelist stylish Price List |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:stylishpricelist:stylish_price_list:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Stylishpricelist
Stylishpricelist stylish Price List |
Sat, 17 May 2025 04:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Thu, 15 May 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Stylish Price List WordPress plugin before 7.1.8 does not sanitise and escape some of its settings, which could allow high privilege users of contributor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |
| Title | Stylish Price List < 7.1.8 - Contributor+ Stored XSS | |
| References |
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2025-05-17T03:36:57.874Z
Reserved: 2024-08-13T17:34:32.234Z
Link: CVE-2024-7758
Updated: 2025-05-17T03:36:53.388Z
Status : Analyzed
Published: 2025-05-15T20:15:56.747
Modified: 2026-06-17T08:20:51.847
Link: CVE-2024-7758
No data.
OpenCVE Enrichment
No data.
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD