CVE-2024-11869

Published Dec 14, 2024

Last updated 2 months ago

CVSS medium 6.4

Overview

Description
The Buk for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buk' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Source
security@wordfence.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
6.4
Impact score
2.7
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security@wordfence.com
CWE-79

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2024-11869 (Published: 2024-12-14) - A critical vulnerability in WordPress affects the Buk Appointments plugin. Ensure you're using the latest version to mitigate risks. For details, check the code here: [Buk Appointments Code](https://t.co/0RGoCxiehC). #WordPress… https:/

    @transilienceai

    18 Dec 2024

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2024-11869 (Published: 2024-12-14) - A critical vulnerability in WordPress Buk Appointments plugin. Affects all versions. 🛠️ Remediation: Update to the latest version immediately to secure your site. For more details, check the code here: https://t.co/0RGoCxiehC… https://

    @transilienceai

    18 Dec 2024

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-11869 The Buk for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buk' shortcode in all versions up to, and including, 1.0.7 d… https://t.co/sZ2wgcBwiT

    @CVEnew

    14 Dec 2024

    94 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-11869 Stored XSS Vulnerability in Buk for WordPress Plugin Up to 1.0.7 The Buk for WordPress plugin has a problem called Stored Cross-Site Scripting. This happens through the plugin's 'buk' shortcode in ... https://t.co/nTvWdL3dnR

    @VulmonFeeds

    14 Dec 2024

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References