CVE-2024-10027

Published Nov 7, 2024

Last updated 9 days ago

Overview

Description: The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Source: contact@wpscan.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.8
Impact score: 2.7
Exploitability score: 1.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Social media

Hype score: Not currently trending

  1. 🚨 CVE-2024-10027 (Published: 2024-11-07) affects WordPress. Vulnerable versions include multiple releases. To protect your site, ensure you update to the latest version and apply recommended security patches. Stay secure! 🔒 More info: https://t.co/39cDWoDafQ #WordPress #CVE

    @transilienceai

    11 Nov 2024

  2. 🚨 CVE-2024-10027 (Published: 2024-11-07) affects WordPress. This vulnerability impacts multiple versions, allowing potential exploitation. To safeguard your site, ensure you update to the latest version and apply all recommended patches. Stay secure! 🔒 More info:… https://t.co/

    @transilienceai

    11 Nov 2024

  3. 🚨 CVE-2024-10027 (Published: 2024-11-07) - A low severity vulnerability affecting WordPress. Ensure your site is updated to the latest version to mitigate risks. For detailed remediation steps, check out the link: https://t.co/39cDWoDafQ #WordPress #CVE

    @transilienceai

    11 Nov 2024

  4. 🚨 CVE-2024-10027 (Published: 2024-11-07) affects WordPress. This vulnerability impacts multiple versions, allowing potential exploitation. To safeguard your site, ensure you update to the latest WordPress release and apply all security patches. Stay secure! 🔒 More info:… https:

    @transilienceai

    11 Nov 2024

  5. 🚨 CVE-2024-10027 (Published: 2024-11-07) affects WordPress. This vulnerability impacts multiple versions, potentially exposing sites to risks. 🛡️ Ensure your WordPress installation is updated to the latest version to mitigate this threat. For more details, visit:… https://t.co/

    @transilienceai

    11 Nov 2024

  6. CVE-2024-10027 The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin… https://t.co/0AYcmFs7qy

    @CVEnew

    7 Nov 2024
