Stored Cross-Site Scripting Vulnerability in Ask Me Anything (Anonymously) Plugin for WordPress
CVE-2024-12512
6.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 25 January 2025
What is CVE-2024-12512?
The Ask Me Anything (Anonymously) plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping on user-supplied attributes through the 'askmeanythingpeople' shortcode. This vulnerability enables authenticated attackers with contributor-level access or higher to inject malicious web scripts. These scripts execute when users access compromised pages, posing a significant threat to the integrity of affected WordPress sites.
Affected Version(s)
Ask Me Anything (Anonymously) * <= 1.6