Reflected XSS Vulnerability in bbPress Notify
CVE-2024-37485

7.1HIGH

Key Information:

Vendor: WordPress
Status: Bbpress Notify
Vendor: CVE Published:; 21 July 2024

What is CVE-2024-37485?

An improper neutralization of input during web page generation in the bbPress Notify plugin allows attackers to execute Cross-site Scripting (XSS) attacks. This vulnerability specifically affects versions n/a through 2.18.3 of the plugin, enabling malicious users to inject arbitrary scripts into web pages viewed by other users. Ensuring that your version is updated and implementing security measures can help mitigate the risk associated with this vulnerability.

Affected Version(s)

bbPress Notify <= 2.18.3

References

https://patchstack.com/database/vulnerability/bbpress-not...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2024
Vulnerability Reserved
Jun 9, 2024

Credit

Dimas Maulana (Patchstack Alliance)

CVE-2024-37485 Data

JSON