CVE-2024-8056 MM-Breaking News <= 0.7.9 - Reflected XSS

2024-09-1206:00:07

WPScan

www.cve.org

cve-2024-8056

wordpress plugin

cross-site scripting

$_server['request_uri']

old web browsers

EPSS

0.001

Percentile

17.7%

JSON

The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER[‘REQUEST_URI’] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "MM-Breaking News",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "0.7.9"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

wpscan.com/vulnerability/203b8122-f1e5-4e9e-ba83-f5cd59d8a289/

EPSS

0.001

Percentile

17.7%

JSON

Related for CVELIST:CVE-2024-8056