Reflected XSS Vulnerability in WPMobile.App
CVE-2024-47349

7.1HIGH

Key Information:

Vendor: WordPress
Status: WPmobile.app
Vendor: CVE Published:; 6 October 2024

Summary

The vulnerability consists of an improper neutralization of input during the web page generation process, leading to a Reflected Cross-site Scripting (XSS) flaw within the WPMobile.App. This security issue permits attackers to inject malicious scripts into web pages viewed by users, which could lead to unauthorized access to sensitive data and manipulation of user sessions. The flaw affects WPMobile.App across several versions, including those up to 11.50, compromising its users' security and privacy.

Affected Version(s)

WPMobile.App <= 11.50

References

https://patchstack.com/database/vulnerability/wpappninja/...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 6, 2024
Vulnerability Reserved
Sep 24, 2024

Credit

Le Ngoc Anh (Patchstack Alliance)