CVE-2024-55864

Published Dec 17, 2024

Last updated 2 months ago

CVSS medium 4.8

Overview

Description
Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page.
Source
vultures@jpcert.or.jp
NVD status
Received

Risk scores

CVSS 3.0

Type
Secondary
Base score
4.8
Impact score
2.7
Exploitability score
1.7
Vector string
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

vultures@jpcert.or.jp
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2024-55864 Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administra… https://t.co/LWoxNQOFW0

    @CVEnew

    17 Dec 2024

    459 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References