Reflected XSS Vulnerability in Kanban Boards for WordPress
CVE-2024-31103

7.1 HIGH

Key Information:

Vendor: WordPress
CVE Published: 31 March 2024

What is CVE-2024-31103?

A vulnerability in the Kanban for WordPress plugin, specifically affecting the Kanban Boards functionality, stems from improper neutralization of input during web page generation. The result is Reflected Cross-Site Scripting (XSS): malicious code can be executed in the context of an end user's browser. Affected versions range from an unspecified starting version up to and including 2.5.21, and sites running them are exposed to significant security risk. Users should apply the necessary patches and security updates to mitigate this vulnerability.

Affected Version(s)

Kanban Boards for WordPress <= 2.5.21

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published