CVE-2024-2500 in ColorMag Plugininformación

Resumen (Inglés)

The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Responsable

Wordfence

Reservar

2024-03-15

Divulgación

2024-03-22

Estado

Confirmado

Voces

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadCWEExpConCVE
257597ColorMag Plugin Display Name secuencias de comandos en sitios cruzados79No está definidoNo está definidoCVE-2024-2500

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

Fuentes

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!