Lucene search

PatchstackCVE-2024-37556

HistoryJul 21, 2024 - 7:15 a.m.

CVE-2024-37556

2024-07-2107:15:04

CWE-79

Patchstack

web.nvd.nist.gov

cve-2024-37556

xss

web page generation

seedprod wordpress notification bar

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

Percentile

14.7%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in SeedProd WordPress Notification Bar allows Stored XSS.This issue affects WordPress Notification Bar: from n/a through 1.3.10.

Affected configurations

Nvd

Vulners

Node

seedprodwordpress_notification_barRange≤1.3.10wordpress

VendorProductVersionCPE
seedprodwordpress_notification_bar*cpe:2.3:a:seedprod:wordpress_notification_bar:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
seedprod	wordpress_notification_bar	*	cpe:2.3:a:seedprod:wordpress_notification_bar::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wordpress-notification-bar",
    "product": "WordPress Notification Bar",
    "vendor": "SeedProd",
    "versions": [
      {
        "lessThanOrEqual": "1.3.10",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wordpress-notification-bar/wordpress-wordpress-notification-bar-plugin-1-3-10-cross-site-scripting-xss-vulnerability?_s_id=cve