CVE-2024-10710

Published Nov 25, 2024

Last updated 3 months ago

Overview

Description
The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
Source: contact@wpscan.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 3.5
Impact score: 2.5
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Severity: LOW

Social media

Hype score: Not currently trending
  1. 🚨 CVE-2024-10710 (Published: 2024-11-25) - High severity vulnerability in WP Simple HTML Sitemap. Affects multiple versions. Remediation: Update to the latest version to mitigate risks. Stay secure! 🔒 More info: https://t.co/cTDWnaCOIo #WordPress #Security

    @transilienceai

    27 Nov 2024

  2. 🚨 CVE-2024-10710 (Published: 2024-11-25) - High severity vulnerability in Social Share Buttons. Affects multiple versions. 🛡️ Remediation: Update to the latest version to mitigate risks. Stay secure! More info: https://t.co/cTDWnaCOIo #CyberSecurity #VulnerabilityAlert

    @transilienceai

    27 Nov 2024

  3. 🚨 CVE-2024-10710 (Published: 2024-11-25) - A high-severity vulnerability in Responsive Tabs affects multiple versions. Ensure your installations are updated to the latest version to mitigate risks. For detailed remediation steps, visit: https://t.co/cTDWnaCOIo #CyberSecurity… ht

    @transilienceai

    27 Nov 2024

  4. 🚨 CVE-2024-10710 (Published: 2024-11-25) - A high-severity vulnerability in WooCommerce affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For detailed remediation steps, visit: https://t.co/cTDWnaCOIo #WooCommerce… https://

    @transilienceai

    27 Nov 2024

  5. CVE-2024-10710 The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Sto… https://t.co/mPkLMI6Q6m

    @CVEnew

    25 Nov 2024
