Lucene search

K
cvePatchstackCVE-2024-44042
HistoryOct 06, 2024 - 12:15 p.m.

CVE-2024-44042

2024-10-0612:15:04
CWE-79
Patchstack
web.nvd.nist.gov
22
fahad mahmood
wp datepicker
stored xss
vulnerability

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0

Percentile

9.7%

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Fahad Mahmood WP Datepicker allows Stored XSS.This issue affects WP Datepicker: from n/a through 2.1.1.

Affected configurations

Vulners
Node
fahad_mahmoodwp_docsRange2.1.1wordpress
VendorProductVersionCPE
fahad_mahmoodwp_docs*cpe:2.3:a:fahad_mahmood:wp_docs:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-datepicker",
    "product": "WP Datepicker",
    "vendor": "Fahad Mahmood",
    "versions": [
      {
        "changes": [
          {
            "at": "2.1.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.1.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0

Percentile

9.7%