Overview
- Description
- The Simple News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'news' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.4
- Impact score
- 2.7
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- security@wordfence.com
- CWE-79
Social media
- Hype score
- Not currently trending
CVE Alert: CVE-2024-10112 - https://t.co/EqO4g5TS5q #OSINT #ThreatIntel #CyberSecurity #cve_2024_10112
@RedPacketSec
26 Oct 2024
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10112 (Published: 2024-10-25) - A high-severity vulnerability affects Wordfence. Ensure your WordPress site is updated to the latest version to mitigate risks. Check for patches and follow remediation steps here: https://t.co/mlepwaolDP #WordPress #Security
@transilienceai
26 Oct 2024
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10112 (Published: 2024-10-25) - A high-severity vulnerability has been identified in Wordfence. Affects multiple versions. Remediation is crucial! Ensure your site is updated to the latest version to mitigate risks. More info: https://t.co/mlepwaolDP #CyberSecurity… h
@transilienceai
26 Oct 2024
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10112 (Published: 2024-10-25) - A high-severity vulnerability affecting Wordfence. Ensure your Wordfence plugin is updated to the latest version to mitigate risks. Stay secure! 🔒 For more details, check: https://t.co/mlepwaolDP #CyberSecurity #WordPress
@transilienceai
26 Oct 2024
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10112 (Published: 2024-10-25) affects the Simple News plugin for WordPress. Versions prior to the latest release are vulnerable. 🛡️ Update your plugin immediately to mitigate risks. For more details, visit: https://t.co/P2hrtsTEIq #WordPress #SecurityUpdate
@transilienceai
26 Oct 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10112 (Published: 2024-10-25) - High severity vulnerability in the Simple News plugin for WordPress. Affects multiple versions. 🔒 Remediation: Update to the latest version available at https://t.co/P2hrtsTEIq to secure your site! #WordPress #CyberSecurity
@transilienceai
26 Oct 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10112 (Published: 2024-10-25) - A high-severity vulnerability affects the Simple News plugin for WordPress. Ensure you're using the latest version to mitigate risks. For more details and remediation steps, visit: https://t.co/P2hrtsTEIq #WordPress #Security
@transilienceai
26 Oct 2024
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10112 (Published: 2024-10-25) - A high-severity vulnerability in the Simple News plugin for WordPress. Affects multiple versions. 🛡️ Remediation: Update to the latest version available at https://t.co/P2hrtsTEIq to secure your site! #WordPress #CyberSecurity
@transilienceai
26 Oct 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes