Reflected XSS Vulnerability in Specific Content For Mobile - Customize the mobile version without redirections
CVE-2024-29126

7.1 HIGH

Summary

The Specific Content For Mobile plugin does not properly neutralize input during web page generation, which leads to reflected Cross-Site Scripting (XSS). An attacker can exploit this weakness to inject malicious scripts through user-supplied input. The issue is relevant to sites that use the plugin to customize their mobile version, and it affects all versions up to 0.1.9.5. Applying updates and mitigations is crucial for safeguarding against potential exploitation.

Affected Version(s)

Specific Content For Mobile – Customize the mobile version without redirections <= 0.1.9.5

References

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

thiennv (Patchstack Alliance)