Stored Cross-Site Scripting in WordPress Email Address Obfuscation Plugin
CVE-2024-11935
6.4MEDIUM
What is CVE-2024-11935?
The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This vulnerability allows authenticated users with Contributor-level access or higher to inject arbitrary web scripts, which execute when a user visits the manipulated page. This presents a significant risk to website security, potentially allowing attackers to access sensitive information or perform malicious actions on behalf of users.