CVE-2024-11278 – WordPress GD bbPress Attachments Reflected Cross-Site Scripting

11月 20, 2024
6:16 am

CVE ID : CVE-2024-11278

Published : Nov. 20, 2024, 5:15 a.m. | 1 hour, 1 minute ago

Description : The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-11278 – WordPress GD bbPress Attachments Reflected Cross-Site Scripting

Elvescore.io

Recent Posts

CVE-2024-12965 – 1000 Projects Portfolio Management System MCA SQL Injection Vulnerability

CVE-2024-12966 – “Code-projects Job Recruitment SQL Injection”

CVE-2024-56510 – Marp Core XSSInjection

CVE-2024-12963 – Code-projects Job Recruitment SQL Injection

CVE-2024-12964 – “1000 Projects Daily College Class Work Report Book SQL Injection Vulnerability”

CVE-2024-12962 – Code-Projects Job Recruitment SQL Injection Vulnerability

CVE-2024-11278 – WordPress GD bbPress Attachments Reflected Cross-Site Scripting

CVE-2024-11278 – WordPress GD bbPress Attachments Reflected Cross-Site Scripting