CVE-2024-6724
13.08.2024, 06:15
The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
| Vendor | Product | Version |
|---|---|---|
| magic-post-thumbnail | generate_images | 𝑥 < 5.2.8 |
| magic-post-thumbnail | magic_post_thumbnail | 𝑥 < 5.2.8 |
𝑥
= Vulnerable software versions