CVE-2024-11107

Published Dec 10, 2024

Last updated 3 months ago

CVSS medium 6.1

Overview

Description
The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
Source
contact@wpscan.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.1
Impact score
2.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Social media

Hype score
Not currently trending

  1. CVE-2024-11107 The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated u… https://t.co/Q1FZBtTc2k

    @CVEnew

    10 Dec 2024

    107 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References