Cross-site Scripting Vulnerability in Oshine Modules by NotFound
CVE-2024-44044

7.1HIGH

Key Information:

Vendor: WordPress
Status: Oshine Modules
Vendor: CVE Published:; 16 February 2025

Summary

The vulnerability in Oshine Modules developed by NotFound allows for improper neutralization of input during web page generation, leading to a reflected cross-site scripting (XSS) issue. This type of vulnerability enables attackers to inject malicious scripts into web pages viewed by users, potentially compromising user data and security. Websites utilizing affected versions of the Oshine Modules are at risk, and immediate action is recommended to secure the web application.

Affected Version(s)

Oshine Modules < 3.3.8

References

https://patchstack.com/database/wordpress/plugin/oshine-m...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 16, 2025
Vulnerability Reserved
Aug 18, 2024

Credit

Rafie Muhammad (Patchstack)