Lucene search
WpvulndbWPVDB-ID:81114639-06AB-4DC1-9F6E-F7C39ABC924AHistoryFeb 05, 2024 - 12:00 a.m.
Structured Content < 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Classic Editor Shortcode
2024-02-0500:00:00
wpscan.com
6
wordpress
structured content
cross-site scripting
stored
authenticated
contributor
input sanitization
output escaping
Description The Structured Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Classic Editor shortcodes in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 1.6.2 |
Related
nvd
nvd
CVE-2024-24839
2024-02-05 07:15:10
cve
cve
CVE-2024-24839
2024-02-05 07:15:10
prion
prion
Cross site scripting
2024-02-05 07:15:00
vulnrichment
vulnrichment
cvelist
cvelist
wordfence
wordfence
5.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.2%
Related for WPVDB-ID:81114639-06AB-4DC1-9F6E-F7C39ABC924A