Cross-Site Scripting Vulnerability in Tourmaster Plugin by WordPress
CVE-2024-11356
Key Information:
- Vendor
- Wordpress
- Status
- Vendor
- CVE Published:
- 6 January 2025
Badges
Summary
The Tourmaster plugin for WordPress, prior to version 5.3.4, is susceptible to a Cross-Site Scripting vulnerability. This issue arises from the plugin's failure to properly sanitize and escape certain parameters before rendering them on web pages. As a result, unauthenticated users can potentially exploit this flaw to execute malicious scripts in the context of another user's browser, posing a significant security risk. It is crucial for website owners to update to the latest version to mitigate this vulnerability and safeguard their sites from potential attacks.
Affected Version(s)
tourmaster 0 < 5.3.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved