CVE-2024-6625
Published
CVSS v3: 5.5 (MEDIUM)
CVSS v2: N/A
Affected: 1 project
Description
The WP Total Branding – Complete branding solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
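The description names the two missing controls, input sanitization and output escaping, and limits impact to sites where the saving user lacks the unfiltered_html capability. The following PHP is an added illustration of that pattern in WordPress terms; it is not the plugin's own code (which this record does not show), and the option names, function names and settings group are assumed. The vulnerable pair stores a settings value verbatim and echoes it back unescaped; the hardened pair filters the value through wp_kses_post() on save unless the current user holds unfiltered_html (the same rule core applies to post content), and constrains it again on output.

```php
<?php
// Added illustration of the vulnerability class in the CVE description.
// Not the plugin's code: option names, group name and functions are assumed.

// --- Vulnerable pattern: store raw input, echo raw output ----------------
// Shown only for the store/escape contrast; a real handler also needs a
// nonce check and a capability check before touching options.
function wptb_demo_save_footer_vulnerable() {
    // Stores whatever the administrator submitted, verbatim.
    update_option( 'wptb_demo_footer', wp_unslash( $_POST['wptb_demo_footer'] ?? '' ) );
}

function wptb_demo_print_footer_vulnerable() {
    // Echoes the stored value into the page with no escaping.
    echo get_option( 'wptb_demo_footer', '' );
}

// --- Hardened pattern ------------------------------------------------------
// Sanitize on save. A user without unfiltered_html (every user on multisite
// except super admins, or any site where the capability has been removed)
// gets the HTML filtered through wp_kses_post(), which strips <script>,
// on* event-handler attributes and javascript: URLs but keeps benign markup.
function wptb_demo_sanitize_footer( $value ) {
    $value = (string) $value;
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $value;
    }
    return wp_kses_post( $value );
}

function wptb_demo_register_settings() {
    // The Settings API runs sanitize_callback before the option is written.
    register_setting(
        'wptb_demo_group',
        'wptb_demo_footer',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'wptb_demo_sanitize_footer',
            'default'           => '',
        )
    );
}
add_action( 'admin_init', 'wptb_demo_register_settings' );

// Escape on output. For a field that legitimately holds limited HTML, run it
// through wp_kses_post() again when rendering, so a value written by another
// path (import, direct database edit, an older plugin version) is still
// constrained when it reaches the browser.
function wptb_demo_print_footer_hardened() {
    echo wp_kses_post( get_option( 'wptb_demo_footer', '' ) );
}

// A plain-text field (for example a custom login headline) needs no HTML:
// strip tags on save and HTML-encode on output.
function wptb_demo_sanitize_headline( $value ) {
    return sanitize_text_field( (string) $value );
}

function wptb_demo_print_headline() {
    echo esc_html( get_option( 'wptb_demo_headline', '' ) );
}
```

The capability check is what makes the description's scope statement concrete: on a single-site install an administrator already holds unfiltered_html, so filtering their input adds nothing, whereas on multisite (or where unfiltered_html has been disabled) the same role is expected to be limited to the wp_kses_post() allow-list, and a settings page that skips that filter becomes the gap. When reviewing a plugin for this class, check every register_setting() call for a sanitize_callback and every echo of a stored option for an esc_* or wp_kses_* wrapper.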
<p>WP Total Branding is a complete branding toolkit for WordPress. Take full control over your WordPress look and feel. Explore the features below:</p>
<h4>Features</h4>
<ul>
<li>Change or remove the WordPress site generator tag</li>
<li>Customize the login screen: add your logo, change links, and edit the headline</li>
<li>Hide the welcome screen on the WordPress dashboard</li>
<li>Remove default WordPress dashboard widgets</li>
<li>Add custom footer content to the dashboard (works across all sites in multisite)</li>
<li>Hide specific admin menu items</li>
<li>Add custom admin notices/messages</li>
<li>Remove the WordPress logo from the admin bar or upload your own</li>
<li>Customize the default WordPress email sender name and address</li>
<li>Disable the REST API</li>
<li>Change the REST API base prefix</li>
<li>Add custom CSS to the login screen</li>
<li>Add custom CSS to the admin dashboard</li>
<li>Add custom CSS to the front-end website</li>
<li>Insert global content (header or footer) across all websites</li>
</ul>
<h4>Contributing & Bug Report</h4>
<p>Bug reports and pull requests are welcome on <a href="https://github.com/HandyPlugins/wp-total-branding" rel="nofollow ugc">GitHub</a></p>
<p><strong>If you like WP Total Branding, then consider checking out our other projects:</strong></p>
<ul>
<li><a href="https://handyplugins.co/magic-login-pro/" rel="friend nofollow ugc">Magic Login Pro</a> – Easy, secure, and passwordless authentication for WordPress.</li>
<li><a href="https://handyplugins.co/sessionquota-pro/" rel="friend nofollow ugc">SessionQuota Pro</a> – Limit concurrent sessions in WordPress.</li>
<li><a href="https://handyplugins.co/stream-integration-pro/" rel="friend nofollow ugc">Stream Integration Pro</a> – Upload, sync, restore, and manage WordPress videos with Cloudflare Stream.</li>
<li><a href="https://handyplugins.co/easy-text-to-speech/" rel="friend nofollow ugc">Easy Text-to-Speech</a> – Convert written content into high-quality synthesized speech for WordPress.</li>
<li><a href="https://handyplugins.co/handywriter/" rel="friend nofollow ugc">Handywriter</a> – AI-powered writing assistant for WordPress.</li>
<li><a href="https://handyplugins.co/paddlepress-pro/" rel="friend nofollow ugc">PaddlePress PRO</a> – Paddle plugin for WordPress.</li>
<li><a href="https://handyplugins.co/wp-accessibility-toolkit/" rel="friend nofollow ugc">WP Accessibility Toolkit</a> – Tools to help make your WordPress site more accessible.</li>
<li><a href="https://poweredcache.com/" rel="friend nofollow ugc">Powered Cache</a> – Caching and optimization for WordPress to help improve PageSpeed and Core Web Vitals.</li>
</ul>