XSS Vulnerability in Chamber Dashboard Business Directory Plugin for WordPress
CVE-2020-24699

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Chamber Dashboard Business Directory
Vendor: CVE Published:; 31 August 2020

What is CVE-2020-24699?

The Chamber Dashboard Business Directory plugin version 3.2.8 for WordPress is susceptible to a Cross-Site Scripting (XSS) vulnerability, allowing attackers to inject malicious scripts into user inputs. This vulnerability can potentially be exploited to execute arbitrary JavaScript code in the context of authenticated users, compromising the integrity and confidentiality of user data. Website owners are advised to update the plugin to the latest version and implement stringent input validation to mitigate the risk of XSS attacks.

References

https://wordpress.org/plugins/chamber-dashboard-business-...

x_refsource_MISC

https://l0l.xyz/sec/2020/08/31/1-wordpress-crm-xss.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 31, 2020
Vulnerability Reserved
Aug 27, 2020

Wordpress

What is CVE-2020-24699?

References

CVSS V3.1

Timeline