Lucene search

PatchstackCVE-2024-37946

HistoryJul 20, 2024 - 9:15 a.m.

CVE-2024-37946

2024-07-2009:15:06

CWE-79

Patchstack

web.nvd.nist.gov

cve-2024-37946

xss

cross-site scripting

wedevs recaptcha integration

wordpress

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

Percentile

9.3%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in weDevs ReCaptcha Integration for WordPress allows Stored XSS.This issue affects ReCaptcha Integration for WordPress: from n/a through 1.2.5.

Affected configurations

Vulners

Node

wedevsrecaptcha_integration_for_wordpressRange≤1.2.5

VendorProductVersionCPE
wedevsrecaptcha_integration_for_wordpress*cpe:2.3:a:wedevs:recaptcha_integration_for_wordpress:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wedevs	recaptcha_integration_for_wordpress	*	cpe:2.3:a:wedevs:recaptcha_integration_for_wordpress::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-recaptcha-integration",
    "product": "ReCaptcha Integration for WordPress",
    "vendor": "weDevs",
    "versions": [
      {
        "lessThanOrEqual": "1.2.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-recaptcha-integration/wordpress-recaptcha-integration-for-wordpress-plugin-1-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve