CVE-2024-5802 URL Shortener by MyThemeShop <= 1.0.17 - Admin+ Stored XSS

2024-07-0906:00:04

WPScan

www.cve.org

cve-2024-5802

url shortener

mythemeshop

admin

stored xss

EPSS

Percentile

14.3%

JSON

The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "URL Shortener by MyThemeShop",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.0.17"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

wpscan.com/vulnerability/cd37f702-9144-4c98-9b08-c63e510cd97f/

EPSS

Percentile

14.3%

JSON

Related for CVELIST:CVE-2024-5802