Stored XSS Vulnerability in PT Sign Ups β Beautiful Volunteer Sign Ups and Management Made Easy
CVE-2024-24848
7.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 5 February 2024
What is CVE-2024-24848?
The vulnerability in MJS Software's PT Sign Ups plugin allows attackers to exploit improper input handling during web page generation, resulting in stored Cross-site Scripting (XSS). This flaw enables malicious scripts to be injected and stored on the server, potentially impacting users when they access the compromised functionality. It is crucial for users of the plugin, particularly those using versions up to 1.0.4, to assess their security measures and apply necessary updates to mitigate risks.
Affected Version(s)
PT Sign Ups β Beautiful volunteer sign ups and management made easy <= 1.0.4