Stored XSS Vulnerability Affects Contest Gallery
CVE-2024-39631

7.1 HIGH

Key Information:

Vendor: WordPress
CVE Published: 1 August 2024

What is CVE-2024-39631?

The Contest Gallery plugin for WordPress is affected by a stored cross-site scripting (XSS) vulnerability. The plugin does not properly neutralize input during web page generation, which allows unauthorized users to inject malicious scripts. Successful exploitation could lead to session hijacking, data theft, or site defacement. The vulnerability affects all versions from the initial release through 23.1.2, so WordPress sites using this plugin need to update urgently.

Affected Version(s)

Contest Gallery: all versions up to and including 23.1.2

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published
