Lucene search
WPScanCVE-2024-6494HistoryAug 07, 2024 - 6:16 a.m.
CVE-2024-6494
2024-08-0706:16:47
WPScan
web.nvd.nist.gov
11
wordpress
file upload
4.24.8
unauthenticated users
xss
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
5.7
Confidence
High
EPSS
0
Percentile
9.5%
The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks.
Affected configurations
Node
wordpress_file_upload_projectwordpress_file_uploadRange<4.24.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wordpress_file_upload_project | wordpress_file_upload | * | cpe:2.3:a:wordpress_file_upload_project:wordpress_file_upload:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "WordPress File Upload",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "4.24.8"
}
],
"defaultStatus": "unaffected"
}
]Related
vulnrichment
vulnrichment
CVE-2024-6494 WordPress File Upload < 4.24.8 - Unauthenticated Stored XSS
2024-08-07 06:00:06
cvelist
cvelist
CVE-2024-6494 WordPress File Upload < 4.24.8 - Unauthenticated Stored XSS
2024-08-07 06:00:06
nvd
nvd
CVE-2024-6494
2024-08-07 06:16:47
wordfence
wordfence
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
5.7
Confidence
High
EPSS
0
Percentile
9.5%
Related for CVE-2024-6494