Total Search Vulnerability: Stored XSS Affects Users
CVE-2024-39663

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP Fast Total Search
Vendor: CVE Published:; 1 August 2024

What is CVE-2024-39663?

The WP Fast Total Search plugin by Epsiloncool is susceptible to a Cross-Site Scripting (XSS) vulnerability due to improper neutralization of input during web page generation. This flaw allows for stored XSS attacks, potentially enabling attackers to execute arbitrary JavaScript code in the context of users visiting affected pages. Version 1.68.232 and earlier are impacted, necessitating prompt actions by users to safeguard their systems.

Affected Version(s)

WP Fast Total Search 0 <= 1.68.232

References

https://patchstack.com/database/Wordpress/Plugin/fulltext...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2024

CVE-2024-39663 Data

JSON

WordPress

What is CVE-2024-39663?

Affected Version(s)

References

CVSS V3.1

Timeline