Stored Cross-Site Scripting Vulnerability in Particle Background Plugin for WordPress
CVE-2024-11775

6.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Particle Background
Vendor: CVE Published:; 20 December 2024

Summary

CVE-2024-11775 exposes a critical stored cross-site scripting (XSS) vulnerability within the Particle Background plugin for WordPress, specifically through the 'particleground' shortcode. This flaw arises from inadequate input sanitization and output escaping for user-supplied attributes, allowing authenticated attackers with contributor-level access or higher to inject malicious web scripts. When a user accesses an affected page, these scripts execute, potentially leading to data compromise and security breaches. The vulnerability affects all versions of the plugin up to and including 1.0.2, necessitating prompt updates to ensure website safety and integrity.

Affected Version(s)

Particle Background * <= 1.0.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/particle-backg...

https://wordpress.org/plugins/particle-background/

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 20, 2024
Vulnerability Reserved
Nov 26, 2024

Credit

Djaidja Moundjid