Cross-Site Scripting Vulnerability in WordPress System Dashboard Plugin
CVE-2024-11107
Key Information:
- Vendor
- Wordpress
- Status
- Vendor
- CVE Published:
- 10 December 2024
Badges
Summary
The System Dashboard WordPress plugin, prior to version 2.8.15, contains a critical security flaw that fails to properly sanitize and escape certain parameters in its output. This oversight could enable unauthenticated attackers to exploit the vulnerability and execute Cross-Site Scripting (XSS) attacks. Such an attack may allow the injection of malicious scripts into web pages viewed by users, compromising their sessions, conducting phishing attacks, or redirecting users to malicious sites. It is essential for website administrators using this plugin to upgrade to version 2.8.15 or higher to mitigate the risk.
Affected Version(s)
System Dashboard 0 < 2.8.15
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved