Lucene search

PatchstackCVE-2024-37951

HistoryJul 20, 2024 - 9:15 a.m.

CVE-2024-37951

2024-07-2009:15:07

CWE-79

Patchstack

web.nvd.nist.gov

cve-2024-37951

xss

stored xss

noor alam magical posts display

elementor

gutenberg posts blocks

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS

Percentile

9.3%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Noor alam Magical Posts Display – Elementor & Gutenberg Posts Blocks allows Stored XSS.This issue affects Magical Posts Display – Elementor & Gutenberg Posts Blocks: from n/a through 1.2.38.

Affected configurations

Vulners

Node

noor_alammagical_addons_for_elementorRange≤1.2.38

VendorProductVersionCPE
noor_alammagical_addons_for_elementor*cpe:2.3:a:noor_alam:magical_addons_for_elementor:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
noor_alam	magical_addons_for_elementor	*	cpe:2.3:a:noor_alam:magical_addons_for_elementor::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "magical-posts-display",
    "product": "Magical Posts Display – Elementor & Gutenberg Posts Blocks",
    "vendor": "Noor alam",
    "versions": [
      {
        "changes": [
          {
            "at": "1.2.39",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.2.38",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/magical-posts-display/wordpress-magical-posts-display-plugin-1-2-38-cross-site-scripting-xss-vulnerability?_s_id=cve