Reflected XSS Vulnerability in postMash - Custom Post Order
CVE-2024-27196

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Postmash – Custom Post Order
Vendor: CVE Published:; 15 March 2024

What is CVE-2024-27196?

A reflected Cross Site Scripting (XSS) vulnerability exists in the postMash – custom post order plugin developed by Joel Starnes. This issue allows attackers to inject malicious scripts into web pages viewed by other users, exploiting the way the plugin handles input data. The vulnerability affects all versions from n/a up to 1.2.0, enabling potential security breaches that could compromise user data and overall site integrity.

Affected Version(s)

postMash – custom post order <= 1.2.0

References

https://patchstack.com/database/vulnerability/postmash/wo...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 15, 2024
Vulnerability Reserved
Feb 21, 2024

Credit

Dimas Maulana (Patchstack Alliance)