Stored Cross-Site Scripting Vulnerability in Quotes Llama Plugin for WordPress
CVE-2024-10874
6.4MEDIUM
What is CVE-2024-10874?
The Quotes Llama plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS) due to inadequate input sanitization and output escaping in the 'quotes-llama' shortcode. This vulnerability allows authenticated users with contributor-level access or higher to inject malicious scripts into pages. The injected scripts will execute whenever the affected pages are accessed, potentially compromising user sessions and sensitive information.
Affected Version(s)
Quotes llama 0 <= 3.0.0