Reflected XSS Vulnerability in LH Add Media From Url
CVE-2024-32533

7.1HIGH

Key Information:

Vendor: WordPress
Status: Lh Add Media From Url
Vendor: CVE Published:; 17 April 2024

Summary

A reflected cross-site scripting (XSS) vulnerability exists in the LH Add Media From Url plugin developed by Peter Shaw. This issue arises due to improper neutralization of input during web page generation. Attackers can exploit this vulnerability to inject malicious scripts into web pages, which could be executed in the context of the user's browser session. This makes users susceptible to various attacks, including data theft and session hijacking. The vulnerability specifically affects versions from n/a up to 1.22 of the LH Add Media From Url plugin.

Affected Version(s)

LH Add Media From Url <= 1.22

References

https://patchstack.com/database/vulnerability/lh-add-medi...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Apr 15, 2024

Credit

Majed Refaea (Patchstack Alliance)