Cross-site Scripting (XSS) Vulnerability in WP Dynamic Keywords Injector
CVE-2024-32528

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP Dynamic Keywords Injector
Vendor: CVE Published:; 17 April 2024

What is CVE-2024-32528?

The Seerox WP Dynamic Keywords Injector plugin contains a vulnerability that allows for reflected Cross-Site Scripting (XSS). This occurs due to improper input sanitization during web page generation. Attackers can exploit this vulnerability in versions of the plugin up to 2.3.18, potentially leading to unauthorized script execution in the context of the user's session. It is crucial for users of this plugin to review their configurations and apply best security practices to mitigate potential risks associated with this vulnerability.

Affected Version(s)

WP Dynamic Keywords Injector <= 2.3.18

References

https://patchstack.com/database/vulnerability/wp-dynamic-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Apr 15, 2024

Credit

LVT-tholv2k (Patchstack Alliance)