CVE-2024-4104

🗓️ 14 May 2024 15:53:42Reported by WordfenceType

The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dbp_id' parameter in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts

Reporter	Title	Published	Views	Family All 6
Cvelist	CVE-2024-4104 ADFO – Custom data in admin dashboard <= 1.9.0 - Reflected Cross-Site Scripting	9 May 202420:03	–	cvelist
NVD	CVE-2024-4104	14 May 202415:42	–	nvd
WPVulnDB	ADFO – Custom data in admin dashboard < 1.9.1 - Reflected Cross-Site Scripting	7 May 202400:00	–	wpvulndb
Vulnrichment	CVE-2024-4104 ADFO – Custom data in admin dashboard <= 1.9.0 - Reflected Cross-Site Scripting	9 May 202420:03	–	vulnrichment
Patchstack	WordPress ADFO Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)	8 May 202400:00	–	patchstack
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)	16 May 202413:04	–	wordfence

Vulners

Node

giuliopanda adfo_–_custom_data_in_admin_dashboardRange≤1.9.0wordpress

[
  {
    "vendor": "giuliopanda",
    "product": "ADFO – Custom data in admin dashboard",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.9.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/e61110fc-cc2d-4207-97b6-b21459334216
plugins	www.plugins.trac.wordpress.org/changeset
plugins	www.plugins.trac.wordpress.org/browser/admin-form/trunk/admin/class-af-list-admin.php

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 May 2024 15:42Current

6.3Medium risk

Vulners AI Score6.3

CVSS36.1

EPSS0.00045

SSVC