CVE-2024-11196 – WordPress Multi-column Tag Map Stored Cross-Site Scripting Vulnerability

12月 21, 2024
8:16 am

CVE ID : CVE-2024-11196

Published : Dec. 21, 2024, 7:15 a.m. | 1 hour, 1 minute ago

Description : The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s mctagmap shortcode in all versions up to, and including, 17.0.33 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-11196 – WordPress Multi-column Tag Map Stored Cross-Site Scripting Vulnerability

Elvescore.io

Recent Posts

CVE-2024-10797 – Elementor WordPress Full Screen Menu Information Exposure

CVE-2024-11808 – Pingmeter WordPress Reflected Cross-Site Scripting Vulnerability

CVE-2024-12588 – WordPress Phlox Theme Phlox Theme Stored Cross-Site Scripting

CVE-2024-9545 – “WordPress Phlox Theme Plugin Stored Cross-Site Scripting Vulnerability”