Cross-site Scripting Vulnerability in Ultimate Reviews
CVE-2024-25597

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Ultimate Reviews
Vendor: CVE Published:; 15 March 2024

What is CVE-2024-25597?

The Etoile Web Design Ultimate Reviews product is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper neutralization of input during web page generation. This issue allows attackers to inject malicious scripts that can be executed in the browser of users accessing the affected application. Exploitation of this vulnerability could lead to unauthorized actions, session hijacking, or exposure of sensitive data. Users of Ultimate Reviews from version n/a up to 3.2.8 are encouraged to review their security posture and implement safeguards against potential attacks.

Affected Version(s)

Ultimate Reviews <= 3.2.8

References

https://patchstack.com/database/vulnerability/ultimate-re...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 15, 2024
Vulnerability Reserved
Feb 8, 2024

Credit

Kang SeoHee (Patchstack Alliance)