Overview
- Description
- The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 2.7
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
- Severity
- HIGH
Weaknesses
- security@wordfence.com
- CWE-79
Social media
- Hype score
- Not currently trending
CVE-2024-9184 (CVSS:7.2, HIGH) is Awaiting Analysis. The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and..https://t.co/GbT3pp7uHm #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
22 Oct 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9184 The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp… https://t.co/El8K2xkSFY
@CVEnew
381 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
🚨 ¡Alerta de seguridad! 🚨 Se ha descubierto una vulnerabilidad crítica (CVE-2024-9184) en el complemento SendPulse Free Web Push para WordPress. Esta falla permite ataques de Cross-Site Scripting Almacenado (CWE-79) debido al uso incorrecto de la función wp_kses_allowed_html.…
@antu_tech
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes