Reflected Cross-Site Scripting Vulnerability in Pet Manager WordPress Plugin
CVE-2024-3917

Currently unrated

Key Information:

Vendor: Wordpress
Status: Pet Manager
Vendor: CVE Published:; 23 May 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-3917?

The Pet Manager WordPress plugin, in versions up to 1.4, is susceptible to a reflected cross-site scripting vulnerability due to a failure to properly sanitize and escape user-supplied input. This vulnerability can be exploited by attackers to inject malicious scripts into web pages, posing a significant risk to high privilege users such as administrators. Successful exploitation could allow attackers to perform various malicious actions, including impersonating users or gaining unauthorized access to sensitive data. Website owners using this plugin should take immediate actions to mitigate the risk and ensure the security of their applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Pet Manager 0 <= 1.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-3917 - Proof of Concept

References

https://wpscan.com/vulnerability/88162016-9fc7-4194-9e81-...

exploitvdb-entrytechnical-description

Timeline

🟡
Public PoC available
May 23, 2024
👾
Exploit known to exist
May 23, 2024
Vulnerability published
May 23, 2024
Vulnerability Reserved
Apr 17, 2024

Credit

Bob Matyas

WPScan

JSON

Wordpress