CVE-2024-24838

2024-02-0507:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-24838

cross-site scripting

five star plugins

five star restaurant reviews

stored xss

vulnerability

security

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS.This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5.

Affected configurations

Vulners

NVD

Node

five_star_pluginsfive_star_restaurant_reviewsRange≤2.3.5

CPENameOperatorVersion
fivestarplugins:five_star_restaurant_menufivestarplugins five star restaurant menule2.3.5

CPE	Name	Operator	Version
fivestarplugins:five_star_restaurant_menu	fivestarplugins five star restaurant menu	le	2.3.5

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "good-reviews-wp",
    "product": "Five Star Restaurant Reviews",
    "vendor": "Five Star Plugins",
    "versions": [
      {
        "changes": [
          {
            "at": "2.3.6",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.3.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/good-reviews-wp/wordpress-five-star-restaurant-reviews-plugin-2-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve