CVE-2024-11195

Published Nov 19, 2024

Last updated 3 months ago

CVSS medium 6.4

Overview

Description
The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Source
security@wordfence.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.4
Impact score
2.7
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security@wordfence.com
CWE-79

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2024-11195 (Published: 2024-11-19) - A medium severity vulnerability affects WordPress. Ensure your site is updated to the latest version to mitigate risks. For detailed remediation steps, check out the full report: https://t.co/1nlRTx46Jn #WordPress #CVE

    @transilienceai

    22 Nov 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2024-11195 (Published: 11/19/2024) - Medium severity vulnerability in WordPress. Affects multiple versions. Remediation: Update to the latest version to secure your site. Stay informed and protect your digital space! 🔒 More info: https://t.co/1nlRTx46Jn #WordPress #CVE

    @transilienceai

    22 Nov 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2024-11195 (Published: 2024-11-19) - A medium severity vulnerability affects WordPress. Ensure your site is updated to the latest version to mitigate risks. For detailed remediation steps, check out the full report here: https://t.co/1nlRTx46Jn #WordPress #CVE

    @transilienceai

    22 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2024-11195 (Published: 2024-11-19) - Medium severity vulnerability in WordPress. Affects multiple versions. Ensure your site is updated to the latest version to mitigate risks. For detailed remediation steps, visit: https://t.co/1nlRTx46Jn #WordPress #CVE

    @transilienceai

    22 Nov 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CVE-2024-11195 (Published: 2024-11-19) - A high-severity vulnerability in WordPress. Affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For detailed changes, check the update here: https://t.co/gcldwRdlr5 #WordPress #CVE

    @transilienceai

    22 Nov 2024

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 CVE-2024-11195 (Published: 2024-11-19) - A high-severity vulnerability has been identified in WordPress. Affected versions include various plugins. To protect your site, ensure you update to the latest version as detailed here: https://t.co/gcldwRdlr5 #WordPress… https://t.co/

    @transilienceai

    22 Nov 2024

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2024-11195 The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions u… https://t.co/EvlLsCxzc8

    @CVEnew

    19 Nov 2024

    348 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References