Reflected XSS Vulnerability in Cool Plugins Cryptocurrency Widgets
CVE-2024-43304

6.1 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 18 August 2024

Summary

A reflected Cross-site Scripting (XSS) vulnerability exists in Cool Plugins' Cryptocurrency Widgets – Price Ticker & Coins List that allows attackers to inject malicious scripts into web pages. It affects versions up to and including 2.8.0, posing serious security risks for users interacting with the affected plugin. The flaw arises from improper neutralization of input during web page generation, which lets attackers manipulate the web application's response. Users of the Cryptocurrency Widgets plugin should check their installed version and apply recommended mitigation strategies to safeguard their systems against potential exploitation.

Affected Version(s)

Cryptocurrency Widgets – Price Ticker & Coins List <= 2.8.0

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Trương Hữu Phúc / truonghuuphuc (Patchstack Alliance)