Overview
- Description: The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 6.1
- Impact score: 2.7
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
Weaknesses
- security@wordfence.com: CWE-79
Social media
- Hype score: Not currently trending
CVE-2024-10877 (Published: 2024-11-13) - A medium severity vulnerability affects Wordfence. Ensure your WordPress site is updated to the latest version to mitigate risks. For detailed remediation steps, visit: https://t.co/aCVFlKkgiG #WordPress #Security
@transilienceai
14 Nov 2024
CVE-2024-10877 Reflected XSS Vulnerability in AFI WordPress Plugin Versions ≤ 1.92.0 The AFI – The Easiest Integration Plugin for WordPress has a Reflected Cross-Site Scripting (XSS) flaw. This happens because it... https://t.co/jnZO5dk6mI
@VulmonFeeds
13 Nov 2024