Stored Cross-Site Scripting in Squelch Tabs and Accordions Shortcodes Plugin for WordPress
CVE-2024-2499
6.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 5 April 2024
What is CVE-2024-2499?
The Squelch Tabs and Accordions Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting through its 'accordions' shortcode due to inadequate input validation and output sanitization for user-defined attributes. Authenticated users with contributor-level permissions or higher can craft and inject malicious web scripts that execute whenever someone accesses the impacted page. This vulnerability emphasizes the significance of robust input handling in plugin development to mitigate potential exploitation.
Affected Version(s)
Squelch Tabs and Accordions Shortcodes 0 <= 0.4.3