Filtered by vendor Pavel Holoborodko Subscriptions
Filtered by product Wp Quicklatex Subscriptions

Search

Switch to Advanced Search (Beta)
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-5529 2 Holoborodko, Pavel Holoborodko 2 Wp Quicklatex, Wp Quicklatex 2025-03-18 4.8 Medium
The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).