XSS Vulnerability in Rencontre Plugin for WordPress
CVE-2019-13414

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Rencontre
Vendor
CVE Published:
8 July 2019

Summary

The Rencontre plugin for WordPress, prior to version 3.1.3, is susceptible to Cross-Site Scripting (XSS) attacks. This vulnerability arises from improper validation of user input in the 'inc/rencontre_widget.php' file, which can allow malicious users to inject arbitrary scripts. Exploiting this flaw could lead to a range of security issues, including unauthorized actions on behalf of unsuspecting users. It is critical for website administrators using this plugin to update to the latest version to mitigate the associated risks.

References

https://plugins.trac.wordpress.org/changeset/2119248
x_refsource_MISC
https://wordpress.org/plugins/rencontre/#developers
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/9430
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.