CVE-2024-8723

The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wangbin:012_ps_multi_languages:*:*:*:*:*:wordpress:*:*

History

02 Oct 2024, 17:00

Type Values Removed Values Added
CPE cpe:2.3:a:wangbin:012_ps_multi_languages:*:*:*:*:*:wordpress:*:*
First Time Wangbin 012 Ps Multi Languages
Wangbin
References () https://plugins.svn.wordpress.org/012-ps-multi-languages/trunk/includes/ps-multilingual-edit-post.php - () https://plugins.svn.wordpress.org/012-ps-multi-languages/trunk/includes/ps-multilingual-edit-post.php - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/30a1517e-5ea5-47a1-afe8-9543e1ffd199?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/30a1517e-5ea5-47a1-afe8-9543e1ffd199?source=cve - Third Party Advisory
CVSS v2 : unknown
v3 : 6.4
v2 : unknown
v3 : 5.4

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) El complemento 012 Ps Multi Languages para WordPress es vulnerable a Cross Site Scripting almacenado a través de títulos traducidos en todas las versiones hasta la 1.6 incluida, debido a una limpieza de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada.

26 Sep 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-26 03:15

Updated : 2024-10-02 17:00


NVD link : CVE-2024-8723

Mitre link : CVE-2024-8723

CVE.ORG link : CVE-2024-8723


JSON object : View

Products Affected

wangbin

  • 012_ps_multi_languages
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')