The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/34ae6121-304f-495b-bcc1-4fbd3d70a9fb/ | Exploit Third Party Advisory |
Configurations
History
11 Sep 2024, 16:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/34ae6121-304f-495b-bcc1-4fbd3d70a9fb/ - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:ngothang:wp_multitasking:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-79 | |
First Time |
Ngothang
Ngothang wp Multitasking |
09 Sep 2024, 20:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
09 Sep 2024, 13:03
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
08 Sep 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-08 06:15
Updated : 2024-09-11 16:19
NVD link : CVE-2024-6859
Mitre link : CVE-2024-6859
CVE.ORG link : CVE-2024-6859
JSON object : View
Products Affected
ngothang
- wp_multitasking
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')