Lucene search

CVE-2024-38700

🗓️ 12 Jul 2024 14:15:15Reported by PatchstackType

Improper neutralization of special elements in output allows code injection in realmag777 WPC

Reporter	Title	Published	Views	Family All 5
Patchstack	WordPress WPCS Plugin <= 1.2.0.3 is vulnerable to Content Injection	10 Jul 202400:00	–	patchstack
Cvelist	CVE-2024-38700 WordPress WPCS – WordPress Currency Switcher Professional plugin <= 1.2.0.3 - Arbitrary Shortcode Execution vulnerability	12 Jul 202414:05	–	cvelist
NVD	CVE-2024-38700	12 Jul 202414:15	–	nvd
Vulnrichment	CVE-2024-38700 WordPress WPCS – WordPress Currency Switcher Professional plugin <= 1.2.0.3 - Arbitrary Shortcode Execution vulnerability	12 Jul 202414:05	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (July 8, 2024 to July 14, 2024)	18 Jul 202415:33	–	wordfence

Vulners

Vulnrichment

Node

realmag777 wpcsRange≤1.2.0.3wordpress

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "currency-switcher",
    "product": "WPCS",
    "vendor": "realmag777",
    "versions": [
      {
        "lessThanOrEqual": "1.2.0.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/vulnerability/currency-switcher/wordpress-wpcs-wordpress-currency-switcher-professional-plugin-1-2-0-3-arbitrary-shortcode-execution-vulnerability

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

12 Jul 2024 14:15Current

6.9Medium risk

Vulners AI Score6.9

CVSS36.5

EPSS0.00043

SSVC

CWE-74