Lucene search
WPScanCVE-2024-5004HistoryJul 22, 2024 - 6:15 a.m.
CVE-2024-5004
2024-07-2206:15:02
CWE-79
WPScan
web.nvd.nist.gov
24
wordpress
plugin
vulnerability
stored cross-site scripting
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
AI Score
5.6
Confidence
High
EPSS
0
Percentile
14.5%
The CM Popup Plugin for WordPress WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
Affected configurations
Node
cmindscm_popupRange<1.6.6wordpress
CNA Affected
[
{
"vendor": "Unknown",
"product": "CM Popup Plugin for WordPress ",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "1.6.6"
}
],
"defaultStatus": "unaffected"
}
]Related
cvelist
cvelist
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-5004
2024-07-22 06:15:02
wordfence
wordfence
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
AI Score
5.6
Confidence
High
EPSS
0
Percentile
14.5%
Related for CVE-2024-5004