Reflected Cross-Site Scripting Vulnerability in Pet Manager WordPress Plugin
CVE-2024-3917
Key Information:
- Vendor
- Wordpress
- Status
- Vendor
- CVE Published:
- 23 May 2024
Badges
Summary
The Pet Manager WordPress plugin, in versions up to 1.4, is susceptible to a reflected cross-site scripting vulnerability due to a failure to properly sanitize and escape user-supplied input. This vulnerability can be exploited by attackers to inject malicious scripts into web pages, posing a significant risk to high privilege users such as administrators. Successful exploitation could allow attackers to perform various malicious actions, including impersonating users or gaining unauthorized access to sensitive data. Website owners using this plugin should take immediate actions to mitigate the risk and ensure the security of their applications.
Affected Version(s)
Pet Manager 0 <= 1.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved