CVE-2024-0656 in Password Protected Plugininfo

Zusammenfassung

von MITRE • 29.02.2024

The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Captcha Site Key in all versions up to, and including, 2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

17.01.2024

Veröffentlichung

29.02.2024

Moderieren

akzeptiert

Eintrag

VDB-254156

CPE

bereit

CWE

CWE-79 (bestätigt)

CVSS

4.8 (NVD)

EPSS

0.00279

KEV

nein

Aktivitäten

very low

Sektor

Hostingprovider

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-0656
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-0656
CVE Details	https://www.cvedetails.com/cve/CVE-2024-0656/

◂ Zurück Übersicht Weiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!