plugin vulnerable to Stored Cross-Site Scripting
CVE-2024-3827
5.4MEDIUM
What is CVE-2024-3827?
The Spectra Pro plugin for WordPress is prone to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping on user-supplied attributes. Authenticated users with contributor-level access or higher can exploit this vulnerability by injecting arbitrary web scripts into pages. These scripts are executed whenever a user accesses the compromised page, potentially compromising user data and account integrity. This issue impacts all versions of the plugin up to and including 1.1.4.