patchstack | Resecured.io | PATCHSTACK:9EB801878780A131953810C4C7DADDF6
Jan 31, 2024 - 12:00 a.m.

WordPress OWL Carousel Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)

2024-01-31 00:00:00
resecured.io
patchstack.com
wordpress owl carousel
cross site scripting
vulnerable version
low severity

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

6.5

Confidence

High

Software

OWL Carousel

Type

Plugin

Vulnerable versions

<= 1.4.0

Fixed in

N/A

OWASP Top 10

A3: Injection

Classification

Cross Site Scripting (XSS)

CVE

CVE-2024-24801

Patch priority

Low

CVSS severity

Low (6.5)

PSID

615e32c78c36

Credits

resecured.io

Required privilege

Contributor

Published

31 January, 2024

Remove and replace plugin

Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners

Node
logichunt | owl_carousel | Range | 1.4.0 | wordpress

Vendor | Product | Version | CPE
logichunt | owl_carousel | * | cpe:2.3:a:logichunt:owl_carousel:*:*:*:*:*:wordpress:*:*
