- Description: The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘a-0-o-search_field_value’ parameter in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. When used in conjunction with the plugin's import and code action feature, this vulnerability can be leveraged to execute arbitrary code.
- Source: security@wordfence.com
- NVD status: Received
CVSS 3.1
- Type: Primary
- Base score: 9.6
- Impact score: 6
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- security@wordfence.com
- CWE-79
CVE-2024-12626 alert 🚨 AutomatorWP: Reflected XSS leading to Remote Code Execution (CVSS: 9.6/10) The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers' assets are protected. 🦉 #CyberSecurity #InfoSec https://t.co/KGCfqLCS1W
@Patrowl_io
23 Dec 2024
CVE-2024-12626 Reflected XSS Vulnerability in AutomatorWP Plugin for WordPress The Aut... https://t.co/jkKFU6LJkR Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
19 Dec 2024
[CVE-2024-12626: CRITICAL] Vulnerability alert: AutomatorWP WordPress plugin versions up to 5.0.9 have a Reflected Cross-Site Scripting flaw. Attackers could inject malicious scripts through 'a-0-o-search_field_v...#cybersecurity,#vulnerability https://t.co/THAATw6mzr https://t.c
@CveFindCom
19 Dec 2024
CVE-2024-12626 The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scr… https://t.co/i9nrMmon6O
@CVEnew
19 Dec 2024