- Description
- The Permalinker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'permalink' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 6.4
- Impact score
- 2.7
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- security@wordfence.com
- CWE-79
🚨 CVE-2024-11894 (Published: 2024-12-14) - A high-severity vulnerability in The Permalinker plugin for WordPress. Affected versions are vulnerable to exploitation. 🛡️ Remediation: Update to the latest version to secure your site. More info: [The Permalinker… https://t.co/65Wjf7
@transilienceai
18 Dec 2024
🚨 CVE-2024-11894 (Published: 2024-12-14) - A high-severity vulnerability affects The Permalinker plugin for WordPress. Ensure you're using the latest version to mitigate risks. Check the code here: https://t.co/WgUzSdt6iP. Stay secure! 🔒 #WordPress #CVE
@transilienceai
18 Dec 2024
CVE-2024-11894 Stored Cross-Site Scripting in WordPress Permalinker Plugin Before 1.8.2 The Permalinker plugin for WordPress has a Stored Cross-Site Scripting (XSS) vulnerability. This happens through the plugin'... https://t.co/yVhViFIVvZ
@VulmonFeeds
14 Dec 2024