Cross-site Scripting (XSS) Vulnerability in Stockholm Core
CVE-2024-34553

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Stockholm Core
Vendor: CVE Published:; 8 May 2024

Summary

An improper neutralization of input during webpage generation has been identified in the Stockholm Core developed by Select-Themes, leading to a reflected Cross-Site Scripting (XSS) vulnerability. This security flaw permits attackers to inject malicious scripts into web pages viewed by users, potentially compromising their session or redirecting them to malicious sites. Users of Stockholm Core versions from n/a through 2.4.1 are encouraged to apply security patches and updates promptly to mitigate the risks associated with this vulnerability.

Affected Version(s)

Stockholm Core <= 2.4.1

References

https://patchstack.com/database/vulnerability/stockholm-c...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 8, 2024
Vulnerability Reserved
May 6, 2024

Credit

Rafie Muhammad (Patchstack)