Lucene search

K
cvelistPatchstackCVELIST:CVE-2024-29770
HistoryMar 27, 2024 - 12:59 p.m.

CVE-2024-29770 WordPress Pretty Links plugin <= 3.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

2024-03-2712:59:52
CWE-79
Patchstack
www.cve.org
cve-2024-29770
reflected cross site scripting
pretty links shortlinks

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

9.0%

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pretty Links Shortlinks by Pretty Links allows Reflected XSS.This issue affects Shortlinks by Pretty Links: from n/a through 3.6.2.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "pretty-link",
    "product": "Shortlinks by Pretty Links",
    "vendor": "Pretty Links",
    "versions": [
      {
        "changes": [
          {
            "at": "3.6.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.6.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2024-29770