Stored Cross-Site Scripting in Squelch Tabs and Accordions Shortcodes Plugin for WordPress
CVE-2024-2499

6.4MEDIUM

Key Information:

Vendor: WordPress
Status: Squelch Tabs And Accordions Shortcodes
Vendor: CVE Published:; 5 April 2024

What is CVE-2024-2499?

The Squelch Tabs and Accordions Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting through its 'accordions' shortcode due to inadequate input validation and output sanitization for user-defined attributes. Authenticated users with contributor-level permissions or higher can craft and inject malicious web scripts that execute whenever someone accesses the impacted page. This vulnerability emphasizes the significance of robust input handling in plugin development to mitigate potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Squelch Tabs and Accordions Shortcodes * <= 0.4.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3052812/sque...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 5, 2024

JSON

WordPress