Lucene search

K
cve[email protected]CVE-2024-2907
HistoryApr 25, 2024 - 6:15 a.m.

CVE-2024-2907

2024-04-2506:15:58
web.nvd.nist.gov
27
agca
wordpress
plugin
7.2.2
security vulnerability
stored xss
risk
high privilege
admin
unfiltered_html
capability
multisite

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.4%

The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.4%

Related for CVE-2024-2907