Reflected Cross-Site Scripting Vulnerability Affects All Versions of Waymark WordPress Plugin
CVE-2024-12325

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Waymark
Vendor
CVE Published:
11 December 2024

What is CVE-2024-12325?

A security vulnerability exists in the Waymark plugin for WordPress that permits reflected Cross-Site Scripting (XSS) due to inadequate input validation and output sanitization. This flaw allows attackers to inject malicious web scripts via the 'content' parameter. If successfully exploited, this vulnerability can enable unauthenticated threat actors to execute arbitrary scripts in the user's browser. The impact of this vulnerability is heightened when a user is deceived into interacting with a compromised link, potentially leading to data theft or unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Waymark * <= 1.4.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/waymark/trunk/...
https://plugins.trac.wordpress.org/browser/waymark/trunk/...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dale Mavers
JSON
.