CVE-2024-2375 WPQA < 6.1.1 - Contributor+ Stored XSS

2024-07-0306:00:04

WPScan

www.cve.org

cve-2024-2375

wpqa builder

wordpress plugin

stored xss

contributor

cross-site scripting

EPSS

Percentile

14.2%

JSON

The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WPQA Builder",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "6.1.1"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/3d144e1c-a1f4-4c5a-93e2-4296a96d4ba2/

EPSS

Percentile

14.2%

JSON

Related for CVELIST:CVE-2024-2375