WordPress Kodex Posts likes plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-43217

7.1HIGH

Key Information:

Vendor: WordPress
Status: Kodex Posts Likes
Vendor: CVE Published:; 12 August 2024

What is CVE-2024-43217?

A security vulnerability exists in the Kodex Posts Likes plugin by Pierre Lebedel, allowing an improper neutralization of input that results in a reflected cross-site scripting (XSS) issue. This vulnerability affects users utilizing versions from n/a through 2.5.0 and can lead to unauthorized access or manipulation of user data within the web application. Attackers may exploit this vulnerability by crafting malicious payloads that, when executed, could compromise the integrity of user sessions and web security.

Affected Version(s)

Kodex Posts likes <= 2.5.0

References

https://patchstack.com/database/vulnerability/kodex-posts...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2024

Credit

Dmitriy Prokhorov (Patchstack Alliance)