CVE-2024-12697 – RealKit WordPress Stored Cross-Site Scripting Vulnerability

12月 21, 2024
8:16 am

CVE ID : CVE-2024-12697

Published : Dec. 21, 2024, 7:15 a.m. | 1 hour, 1 minute ago

Description : The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-12697 – RealKit WordPress Stored Cross-Site Scripting Vulnerability

Elvescore.io

Recent Posts

CVE-2024-12875 – Easy Digital Downloads WordPress Directory Traversal Vulnerability

CVE-2024-10453 – Elementor Website Builder Stored Cross-Site Scripting Vulnerability

CVE-2024-11688 – WordPress LaTeX2HTML Reflected Cross-Site Scripting

CVE-2024-11722 – WordPress DynamiApps Frontend Admin SQL Injection

CVE-2024-12408 – “Amazon Web Services (AWS) WordPress Reflected Cross-Site Scripting (XSS)”

CVE-2024-12558 – WordPress WP BASE Booking Unauthenticated Database Access Vulnerability

CVE-2024-12697 – RealKit WordPress Stored Cross-Site Scripting Vulnerability

CVE-2024-12697 – RealKit WordPress Stored Cross-Site Scripting Vulnerability