Reflected Cross-Site Scripting in Asgard Security Scanner WordPress Plugin
CVE-2024-12715

Currently unrated

Key Information:

Vendor: WordPress
CVE Published: 9 January 2025

Badges

👾 Exploit Exists, 🟡 Public PoC

Summary

The Asgard Security Scanner plugin for WordPress, specifically versions up to 0.7, contains a security flaw that arises from inadequate sanitization and escaping of user-supplied input. This oversight can lead to reflected cross-site scripting (XSS) attacks, potentially targeting high-privilege users, including administrators. An attacker could exploit this vulnerability to execute malicious scripts in the context of the affected user's session, which may result in unauthorized actions or data exposure.

Affected Version(s)

Asgard Security Scanner 0 <= 0.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hassan Khan Yusufzai - Splint3r7
WPScan