Wp-Insert Vulnerability Affects Unknown Functionality, Remote Attack Possible
CVE-2014-125111

3.5LOW

Key Information:

Vendor
WordPress
Status
WP-insert
Vendor
CVE Published:
8 April 2024

Summary

A cross site scripting vulnerability exists in the Namithjawahar Wp-Insert plugin, impacting versions up to 2.0.8. The vulnerability arises from an unspecified functionality that can be exploited remotely, allowing attackers to inject malicious scripts into web pages viewed by other users. This can lead to unauthorized actions on behalf of users, data theft, and other malicious outcomes. It is crucial for users of this plugin to upgrade to version 2.0.9, where the issue has been addressed with an official patch. For further details, refer to the patch information available on GitHub.

Affected Version(s)

Wp-Insert 2.0.0

Wp-Insert 2.0.1

Wp-Insert 2.0.2

References

https://vuldb.com/?id.259628
vdb-entry
https://vuldb.com/?ctiid.259628
signaturepermissions-required
https://github.com/wp-plugins/wp-insert/commit/a07b7b0808...
patch

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer
.