- Description
- The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘extra_class’ parameter in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 6.4
- Impact score
- 2.7
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- security@wordfence.com
- CWE-79
- Hype score
- Not currently trending
🚨 CVE-2024-11198 (Published: 2024-11-19) - A medium severity vulnerability affects Wordfence. Ensure your version is updated to mitigate risks. For detailed remediation steps, check out the full report here: https://t.co/vWKApYpZeN #CyberSecurity #Wordfence
@transilienceai
22 Nov 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-11198 (Published: 2024-11-19) affects the GD Rating System plugin for WordPress. This vulnerability impacts multiple versions, allowing potential exploitation. Users are urged to update to the latest version immediately to mitigate risks. More info:… https://t.co/k9gb
@transilienceai
22 Nov 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-11198 (Published: 2024-11-19) - A high-severity vulnerability affects specific WordPress plugins. Ensure your installations are updated to the latest versions to mitigate risks. Check the changeset for details: https://t.co/kkhxjdMhD1 #WordPress #CVE #CyberSecurity
@transilienceai
22 Nov 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-11198 (Published: 2024-11-19) - A high-severity vulnerability affects specific WordPress plugins. Ensure your installations are updated to the latest versions to mitigate risks. Check the changeset for details: https://t.co/kkhxjdMhD1 #WordPress #CyberSecurity
@transilienceai
22 Nov 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 CVE-2024-11198 (Published: 2024-11-19) - A high-severity vulnerability affects specific WordPress plugins. Ensure your installations are updated to the latest versions to mitigate risks. Check the changeset for detailed remediation steps: https://t.co/kkhxjdMhD1 #WordPress… ht
@transilienceai
22 Nov 2024
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-11198 (Published: 2024-11-19) - A high-severity vulnerability affects specific WordPress plugins. Ensure your installations are updated to the latest version to mitigate risks. Check the changeset for details: https://t.co/kkhxjdMhD1 Stay secure! 🔒 #WordPress #CVE
@transilienceai
22 Nov 2024
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-11198 (Published: 2024-11-19) - A high-severity vulnerability affects specific WordPress plugins. Ensure your installations are updated to the latest versions to mitigate risks. Check the changeset for detailed remediation steps: https://t.co/kkhxjdMhD1 #WordPress… ht
@transilienceai
22 Nov 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-11198 (Published: 2024-11-19) - A high-severity vulnerability affects specific WordPress plugins. Ensure your installations are updated to the latest versions to mitigate risks. Check the changeset for detailed remediation steps: https://t.co/kkhxjdMhD1 #WordPress… ht
@transilienceai
22 Nov 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes