Reflected Cross-Site Scripting Vulnerability in WordPress Permalink Manager Lite and Pro Plugins
CVE-2024-2738
Key Information:
- Vendor: WordPress
- CVE Published: 9 April 2024
Summary
The first article discusses a Reflected Cross-Site Scripting vulnerability in the WordPress Permalink Manager Lite and Pro Plugins, affecting all versions up to 2.4.3.1. This vulnerability allows attackers to inject arbitrary web scripts and trick users into executing actions, potentially leading to unauthorized access to sensitive information.
The second article focuses on the CVE-2024-27348 Remote Code Execution vulnerability in Apache HugeGraph Server before version 1.3.0. This vulnerability allows attackers to bypass sandbox restrictions and achieve RCE through Gremlin, leading to complete control over the server. The article provides a detailed analysis of the patch diffing and testing lab process, including the exploitation of the vulnerability to execute a system command through Gremlin. The analysis emphasizes the importance of addressing this vulnerability to prevent unauthorized access and manipulation of sensitive operations.
Affected Version(s)
Permalink Manager Lite * <= 2.4.3.1
Permalink Manager Pro * <= 2.4.3.1
Timeline
- Exploit known to exist
- First article discovered by SecureLayer7
- Vulnerability published
- Vulnerability Reserved