Stored Cross-Site Scripting Vulnerability in WP jQuery DataTable Plugin for WordPress
CVE-2024-12499
6.4MEDIUM
What is CVE-2024-12499?
The WP jQuery DataTable plugin for WordPress is affected by a stored cross-site scripting vulnerability that allows authenticated users with contributor-level access or higher to inject malicious scripts. This occurs through the plugin's 'wp_jdt' shortcode, due to inadequate input sanitization and output escaping for user-supplied attributes. Once injected, the web scripts execute whenever a user accesses the compromised page, posing significant security risks.
Affected Version(s)
WP jQuery DataTable * <= 4.0.1