Source: patchstack
Author: Le Ngoc Anh
ID: PATCHSTACK:E2DA1D6A4678BC2D5AD9CEA8ADD5540D
History: Jun 27, 2024 - 12:00 a.m.

WordPress WP-Lister Lite for Amazon Plugin <= 2.6.16 is vulnerable to Cross Site Scripting (XSS)

2024-06-27 00:00:00
Le Ngoc Anh
patchstack.com

CVSS3: 7.1
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Score: 6.9
Confidence: High

Software: WP-Lister Lite for Amazon
Type: Plugin
Vulnerable versions: <= 2.6.16
Fixed in: 2.6.17
OWASP Top 10: A3: Injection
Classification: Cross Site Scripting (XSS)
CVE: CVE-2024-37261
Patch priority: Medium
CVSS severity: Medium (7.1)
Developer: WP Lab
PSID: 6ad653dd30ed
Credits: Le Ngoc Anh
Required privilege: Unauthenticated
Published: 27 June, 2024

Remove and replace plugin

Solution

We advise mitigating or resolving the vulnerability immediately.

Affected configurations

Vulners

Node: wp_lab wp-lister_lite_for_amazon, Range: 2.6.16

Vendor: wp_lab
Product: wp-lister_lite_for_amazon
Version: *
CPE: cpe:2.3:a:wp_lab:wp-lister_lite_for_amazon:*:*:*:*:*:*:*:*
