CVE-2024-9647

Published Oct 16, 2024

Last updated a month ago

CVSS medium 6.1

Overview

Description
The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST values in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Source
security@wordfence.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
6.1
Impact score
2.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security@wordfence.com
CWE-79

Social media

Hype score
Not currently trending

  1. 🚨 ¡Alerta de seguridad importante! 🚨 Se ha identificado una vulnerabilidad en el plugin Kama SpamBlock de WordPress (CVE-2024-9647). Todas las versiones hasta la 1.8.2 son susceptibles a ataques de Cross-Site Scripting (XSS) reflejados. Esto permite a atacantes no autenticados

    @antu_tech

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References