Reflected Cross-Site Scripting Vulnerability in WP Triggers Lite by WordPress
CVE-2024-13094

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP Triggers Lite
Vendor: CVE Published:; 27 January 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A reflected cross-site scripting vulnerability has been identified in the WP Triggers Lite WordPress plugin, specifically in version 2.5.3. The plugin does not adequately sanitize and escape a certain parameter before rendering it on the page. This oversight opens the door for attackers to inject malicious scripts, particularly targeting high privilege users such as administrators. If exploited, this vulnerability could allow unauthorized access and manipulation of sensitive data within the affected applications.

Affected Version(s)

WP Triggers Lite 0 <= 2.5.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-13094 - Proof of Concept

References

https://wpscan.com/vulnerability/7a75809e-824e-458e-bd01-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

🟡
Public PoC available
Jan 27, 2025
👾
Exploit known to exist
Jan 27, 2025
Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Dec 31, 2024

Credit

Hassan Khan Yusufzai - Splint3r7

WPScan