patchstack
Wesley (wcraft)
PATCHSTACK:C90D6ED03F4FC3E2B92E1972B6D3D334
May 08, 2024 - 12:00 a.m.

WordPress HT Mega Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)

2024-05-08 00:00:00
wesley (wcraft)
patchstack.com
wordpress ht mega plugin
cross site scripting
vulnerable 2.5.0
fixed 2.5.1
owasp top 10
cve-2024-3990
low severity

CVSS3: 6.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

AI Score: 5.8
Confidence: High

Software: HT Mega
Type: Plugin
Vulnerable versions: <= 2.5.0
Fixed in: 2.5.1
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2024-3990
Patch priority: Low
CVSS severity: Low (6.5)
Developer: HTMega
PSID: 6e65dea1b0e6
Credits: wesley (wcraft)
Required privilege: Contributor
Published: 8 May, 2024

Vulnerability details

Remove and replace plugin

Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners node:
Vendor: hasthemes
Product: ht_mega
Range: 2.5.0
Edition: free
Target software: wordpress

Vendor: hasthemes
Product: ht_mega
Version: *
CPE: cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*
