If-So Dynamic Content Personalization vulnerabilities
2 known vulnerabilities affecting if-so/dynamic_content_personalization.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-5440MEDIUMCVSS 5.4fixed in 1.8.0.32025-05-15
CVE-2024-5440 [MEDIUM] CWE-79 CVE-2024-5440: The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and esca
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
nvd
CVE-2023-51492MEDIUMCVSS 5.4≤ 1.6.3.12024-02-10
CVE-2023-51492 [MEDIUM] CWE-79 CVE-2023-51492: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS.This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1.
nvd