CVE-2024-5578

Published Nov 5, 2024

Last updated 11 days ago

CVSS medium 4.8

Overview

Description: The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Source: contact@wpscan.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.8
Impact score: 2.7
Exploitability score: 1.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

CVE-2024-5578 The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to pe… https://t.co/waf3yEjWA8
@CVEnew
5 Nov 2024
486 Impressions
2 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dublue:table_of_contents_plus:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84C27B98-4BAC-4BEF-A012-173DE7466A86",
            "versionEndIncluding": "2408"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References