Stored Cross-Site Scripting Vulnerability in Modal Portfolio Plugin for WordPress
CVE-2024-13851
4.8MEDIUM
What is CVE-2024-13851?
The Modal Portfolio plugin for WordPress contains a vulnerability that allows stored cross-site scripting (XSS) attacks. This security flaw arises from inadequate input sanitization and output escaping mechanisms present in versions up to 1.7.4.2. Authenticated users, particularly those with Administrator-level privileges, can exploit this vulnerability to inject arbitrary scripts into web pages. Such injected scripts execute whenever a user accesses the modified page, posing significant risks, especially in multi-site installations or setups where unfiltered_html functionality is disabled.
Affected Version(s)
Modal Portfolio * <= 1.7.4.2