Stored Cross-Site Scripting Vulnerability in PCRecruiter Extensions Plugin for WordPress
CVE-2024-11776

6.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Pcrecruiter Extensions
Vendor: CVE Published:; 20 December 2024

What is CVE-2024-11776?

The PCRecruiter Extensions plugin for WordPress is susceptible to a critical Stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2024-11776. This weakness stems from inadequate input sanitization and output escaping on user-supplied attributes within the plugin's 'PCRecruiter' shortcode. Authenticated attackers with contributor-level permissions can exploit this vulnerability to inject arbitrary web scripts. Once inserted, these scripts will execute in the context of any user accessing the modified pages, potentially allowing attackers to steal sensitive information or perform unauthorized actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

PCRecruiter Extensions * <= 1.4.10

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/pcrecruiter-ex...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 20, 2024
Vulnerability Reserved
Nov 26, 2024

Credit

muhammad yudha

JSON

Wordpress