Reflected Cross-Site Scripting Vulnerability in PowerPack Lite for Beaver Builder Plugin
CVE-2024-12239
6.1MEDIUM
Key Information:
- Vendor
- Wordpress
- Vendor
- CVE Published:
- 17 December 2024
Summary
The PowerPack Lite for Beaver Builder plugin for WordPress contains a critical vulnerability that allows for reflected cross-site scripting (XSS). This flaw, affecting all versions up to and including 1.3.0.5, is due to inadequate input sanitization and output escaping on the navigate parameter. Unauthenticated attackers can exploit this vulnerability by tricking an administrative user into executing a malicious script, potentially compromising the integrity of their web pages. It is crucial for administrators to understand this risk and apply any necessary updates or security measures to mitigate potential attacks.
Affected Version(s)
PowerPack Lite for Beaver Builder * <= 1.3.0.5
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
ngocanh le