Stored Cross-Site Scripting Vulnerability in Portfolio – Filterable Masonry Portfolio Gallery Plugin for WordPress
CVE-2024-11900

6.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Portfolio – Filterable Masonry Portfolio Gallery For Professionals
Vendor: CVE Published:; 17 December 2024

What is CVE-2024-11900?

CVE-2024-11900 highlights a security vulnerability within the Portfolio – Filterable Masonry Portfolio Gallery for Professionals plugin for WordPress. This vulnerability allows authenticated attackers, with contributor-level access or higher, to exploit stored cross-site scripting (XSS) due to insufficient input sanitization and output escaping on attributes supplied by users. The vulnerability affects all versions up to and including 1.2.2 of the plugin. By injecting malicious web scripts into pages, attackers can compromise the integrity of web content and potentially execute harmful scripts whenever users access affected pages.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Portfolio – Filterable Masonry Portfolio Gallery for Professionals * <= 1.2.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/portfolio-pro/...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 17, 2024

Credit

Peter Thaleikis

JSON

Wordpress