Unfiltered HTML Setting Vulnerability in WordPress Plugin Allows Stored XSS Attacks

CVE-2024-3634
Currently unrated

Key Information

Vendor
WordPress
Status
Month Name Translation Benaceur
Vendor
CVE Published: 15 May 2024

Summary

The Month Name Translation Benaceur WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

Affected Version(s)

month name translation benaceur < 2.3.8

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database

Credit

Bob Matyas
WPScan