Stored XSS Vulnerability in Tooltip WordPress Tooltips Allows CSRF
CVE-2024-31285
7.1HIGH
Summary
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WordPress Tooltips plugin, which could lead to Stored Cross-Site Scripting (XSS) attacks. This vulnerability threatens the integrity and security of websites utilizing the plugin by allowing an attacker to trick users into executing unwanted actions on their behalf. The issue impacts all versions of the WordPress Tooltips plugin through 9.5.3, necessitating prompt attention from site administrators to mitigate potential exploitation.
Affected Version(s)
WordPress Tooltips <= 9.5.3
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Majed Refaea (Patchstack Alliance)