Custom Banners 1.2.2.2 – Authenticated Stored Cross-Site Scripting (XSS) | CVE 2014-4724

Affects Plugins

custom-banners

Fixed in 2.1

References

CVE

CVE-2014-4724

URL

https://packetstormsecurity.com/files/#127291/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

4.8 (medium)

Miscellaneous

Verified

No

WPVDB ID

bc77f4c1-bb8e-498d-a13d-b6daa73c2aa6

Timeline

Publicly Published

2014-08-01 (about 11 years ago)

Added

2014-08-01 (about 11 years ago)

Last Updated

2021-02-17 (about 5 years ago)

Other

Published

Title

Published

2024-05-15

Title

Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-01-06

Title

Woo Ukrposhta < 1.18.0 - Reflected Cross-Site Scripting via order, post, and idd Parameters

Published

2014-08-01

Title

Pretty Link Lite <= 1.6.0 - Cross-Site Scripting (XSS)

Published

2026-01-27

Title

Aardvark <= 4.6.3 - Reflected Cross-Site Scripting

Published

2024-06-06

Title

Theme < 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting