CVE-2024-1997 in Premium Addons Pro Plugin信息

摘要

由 VulDB • 2026-07-07

WordPress插件Premium Addons PRO存在存储型跨站脚本漏洞(Stored Cross-Site Scripting),该漏洞位于Messenger Chat Widget的'premium_fbchat_app_id'参数中,影响所有2.9.12及更早版本。原因是输入清理和输出转义不足。这使得具有贡献者级别及以上权限的攻击者能够在页面中注入任意Web脚本,当用户访问被注入的页面时,这些脚本将执行。

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

来源

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!