PT-2024-17512 · WordPress · Wp Service Payment Form With Authorize.Net

🗓️ 12 Dec 2024 00:00:00Reported by Positive TechnologiesType

ptsecurity🔗 dbugs.ptsecurity.com👁 1 Views

The WordPress plugin WP Service Payment Form With Authorize.Net before version 2.6.3 has input sanitization flaws that allow script injection via the page parameter.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-12258	12 Dec 202404:18	–	circl
CNNVD	WordPress plugin WP Service Payment Form With Authorize.net 跨站脚本漏洞	12 Dec 202400:00	–	cnnvd
CVE	CVE-2024-12258	12 Dec 202403:23	–	cve
Cvelist	CVE-2024-12258 WP Service Payment Form With Authorize.net <= 2.6.3 - Reflected Cross-Site Scripting	12 Dec 202403:23	–	cvelist
EUVD	EUVD-2024-50722	3 Oct 202520:07	–	euvd
NVD	CVE-2024-12258	12 Dec 202404:15	–	nvd
Patchstack	WordPress WP Service Payment Form With Authorize.net plugin <= 2.6.3 - Reflected Cross-Site Scripting vulnerability	12 Dec 202400:39	–	patchstack
RedhatCVE	CVE-2024-12258	23 May 202506:53	–	redhatcve
Vulnrichment	CVE-2024-12258 WP Service Payment Form With Authorize.net <= 2.6.3 - Reflected Cross-Site Scripting	12 Dec 202403:23	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (December 9, 2024 to December 15, 2024)	19 Dec 202417:13	–	wordfence

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-12258
twitter	www.twitter.com/CVEnew/status/1867171921546162594
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/f478a5b3-58ef-410e-801f-82eaa579941a
plugins	www.plugins.trac.wordpress.org/browser/wp-service-payment-form-with-authorizenet/trunk/src/wpspf-payments-list.php
t	www.t.me/cvedetector/12687

12 Dec 2024 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 3.16.1

EPSS0.02088

SSVC