Vulnerabilities > MM Breaking News Project

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-12	CVE-2024-8054	Cross-site Scripting vulnerability in Mm-Breaking News Project Mm-Breaking News The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. network low complexity mm-breaking-news-project CWE-79	6.1
2024-09-12	CVE-2024-8056	Cross-site Scripting vulnerability in Mm-Breaking News Project Mm-Breaking News The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers network low complexity mm-breaking-news-project CWE-79	6.1

Vulnerabilities > MM Breaking News Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"MM Breaking News Project"}]}