Reflected Cross-Site Scripting Vulnerability in Ai Image Alt Text Generator Plugin for WordPress
CVE-2024-12177

6.1MEDIUM

Key Information:

Vendor

WordPress
Status
Ai Image Alt Text Generator For WP
Vendor
CVE Published:
30 January 2025

What is CVE-2024-12177?

The Ai Image Alt Text Generator for WP plugin is susceptible to Reflected Cross-Site Scripting through the 'page' parameter, affecting all versions up to and including 1.0.2. This vulnerability arises from inadequate input sanitization and output escaping, enabling unauthenticated attackers to insert malicious web scripts. Successful exploitation may occur if an attacker deceives a user into performing a specific action, such as clicking a manipulated link. This can lead to compromised user sessions and unauthorized actions on behalf of users.

Affected Version(s)

Ai Image Alt Text Generator for WP * <= 1.0.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/ai-image-alt-t...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dale Mavers
.