CVE-2024-29804

2024-03-2713:15:52

CWE-79

[email protected]

web.nvd.nist.gov

cross-site scripting

vulnerability

team heateor

fancy comments

wordpress

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

9.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Team Heateor Fancy Comments WordPress allows Stored XSS.This issue affects Fancy Comments WordPress: from n/a through 1.2.14.

Affected configurations

Vulners

Node

team_heateorfancy_comments_wordpressRange≤1.2.14

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "fancy-facebook-comments",
    "product": "Fancy Comments WordPress",
    "vendor": "Team Heateor",
    "versions": [
      {
        "changes": [
          {
            "at": "1.2.15",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.2.14",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/fancy-facebook-comments/wordpress-fancy-comments-wordpress-plugin-1-2-14-cross-site-scripting-xss-vulnerability?_s_id=cve