CVE-2024-10181

Published Oct 29, 2024

Last updated 19 days ago

CVSS medium 6.4

Overview

Description
The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Source
security@wordfence.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
6.4
Impact score
2.7
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security@wordfence.com
CWE-79

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2024-10181 (Published: 2024-10-29) - A high-severity vulnerability affects Wordfence. Ensure your installations are updated to the latest version to mitigate risks. For detailed remediation steps, visit: https://t.co/RgqYtPrlOW #CyberSecurity #Wordfence

    @transilienceai

    1 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2024-10181 (Published: 2024-10-29) - A high-severity vulnerability affects Wordfence. Ensure your WordPress site is updated to the latest version to mitigate risks. For detailed remediation steps, check out the full report: https://t.co/RgqYtPrlOW #WordPress #Security

    @transilienceai

    1 Nov 2024

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2024-10181 (Published: 2024-10-29) - High severity vulnerability in Tribulant. Affects specific versions. Ensure your site is secure by updating to the latest version. Check the changeset for details: https://t.co/vvV9P4mm0B #WordPress #Security #CVE

    @transilienceai

    1 Nov 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2024-10181 (Published: 2024-10-29) - A high-severity vulnerability affects Tribulant. Ensure you're using the latest version to mitigate risks. Check the changeset for detailed remediation steps: https://t.co/vvV9P4mm0B Stay secure! #WordPress #CyberSecurity

    @transilienceai

    1 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-10181 The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and including, 4… https://t.co/12R34VWlH8

    @CVEnew

    29 Oct 2024

    196 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References