Lucene search
WPScanCVE-2024-3634HistoryMay 15, 2024 - 6:15 a.m.
CVE-2024-3634
2024-05-1506:15:13
WPScan
web.nvd.nist.gov
32
cve-2024-3634
wordpress
cross-site scripting
stored
high privilege users
admin
settings
sanitize
escape
unfiltered_html
capability
multisite
The month name translation benaceur WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected configurations
Node
name_directory_projectname_directoryRange<2.3.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| name_directory_project | name_directory | * | cpe:2.3:a:name_directory_project:name_directory:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "month name translation benaceur",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "2.3.8"
}
],
"defaultStatus": "unaffected"
}
]Related
vulnrichment
vulnrichment
CVE-2024-3634 month name translation benaceur < 2.3.8 - Admin+ Stored XSS
2024-05-15 06:00:04
wpvulndb
wpvulndb
month name translation benaceur < 2.3.8 - Admin+ Stored XSS
2024-04-24 00:00:00
nvd
nvd
CVE-2024-3634
2024-05-15 06:15:13
cvelist
cvelist
CVE-2024-3634 month name translation benaceur < 2.3.8 - Admin+ Stored XSS
2024-05-15 06:00:04
wpexploit
wpexploit
month name translation benaceur < 2.3.8 - Admin+ Stored XSS
2024-04-24 00:00:00
wordfence
wordfence