Stored XSS Vulnerability in WP-PostRatings
CVE-2024-39659

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: WP-postratings
Vendor: CVE Published:; 1 August 2024

Summary

A vulnerability exists in the WP-PostRatings plugin developed by Lester ‘GaMerZ’ Chan, which allows for the possibility of stored cross-site scripting (XSS). This issue arises from improper neutralization of input during web page generation, whereby an attacker can inject malicious scripts into the application. Affected versions of the plugin range from n/a to 1.91.1, and successful exploitation can compromise website security, leading to unauthorized access and manipulation of user data.

References

https://patchstack.com/database/vulnerability/wp-postrati...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 1, 2024