Stored Cross-Site Scripting in ABC Notation Plugin for WordPress
CVE-2024-13551
5.4MEDIUM
What is CVE-2024-13551?
The ABC Notation plugin for WordPress is susceptible to a stored cross-site scripting vulnerability through its 'abcjs' shortcode. This vulnerability affects all versions up to and including 6.1.3 due to inadequate input sanitization and output escaping of user-supplied attributes. Authenticated attackers with contributor-level access and higher can exploit this weakness to inject arbitrary web scripts into pages, which may execute whenever users access those compromised pages, potentially leading to unauthorized actions and data exposure.
Affected Version(s)
ABC Notation * <= 6.1.3