Lucene search

K
cvelistPatchstackCVELIST:CVE-2024-44042
HistoryOct 06, 2024 - 12:01 p.m.

CVE-2024-44042 WordPress WP Datepicker plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability

2024-10-0612:01:41
CWE-79
Patchstack
www.cve.org
3
wordpress
datepicker
xss
vulnerability
fahad mahmood
stored

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0

Percentile

9.7%

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Fahad Mahmood WP Datepicker allows Stored XSS.This issue affects WP Datepicker: from n/a through 2.1.1.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-datepicker",
    "product": "WP Datepicker",
    "vendor": "Fahad Mahmood",
    "versions": [
      {
        "changes": [
          {
            "at": "2.1.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.1.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0

Percentile

9.7%

Related for CVELIST:CVE-2024-44042