Reflected Cross-Site Scripting Vulnerability Affects All Versions of Waymark WordPress Plugin
CVE-2024-12325

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Waymark
Vendor: CVE Published:; 11 December 2024

Summary

A security vulnerability exists in the Waymark plugin for WordPress that permits reflected Cross-Site Scripting (XSS) due to inadequate input validation and output sanitization. This flaw allows attackers to inject malicious web scripts via the 'content' parameter. If successfully exploited, this vulnerability can enable unauthenticated threat actors to execute arbitrary scripts in the user's browser. The impact of this vulnerability is heightened when a user is deceived into interacting with a compromised link, potentially leading to data theft or unauthorized access.

Affected Version(s)

Waymark * <= 1.4.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/waymark/trunk/...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 11, 2024
Vulnerability Reserved
Dec 6, 2024

Credit

Dale Mavers