Stored Cross-Site Scripting Vulnerability in WPFront Notification Bar Plugin for WordPress
CVE-2024-0625
What is CVE-2024-0625?
The WPFront Notification Bar plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in the 'wpfront-notification-bar-options[custom_class]' parameter. This vulnerability affects all versions up to and including 3.3.2. It enables attackers with administrator-level access to inject harmful web scripts into pages, posing a risk as these scripts execute whenever users visit the compromised pages. The issue is particularly critical for multi-site installations and environments where the unfiltered_html setting has been disabled.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
WPFront Notification Bar * <= 3.3.2
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved