Xylus Themes WP Bulk Delete Vulnerable to Reflected XSS
CVE-2024-47352

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP Bulk Delete
Vendor: CVE Published:; 6 October 2024

Summary

The vulnerability in WP Bulk Delete, developed by Xylus Themes, stems from improper neutralization of user input during the web page generation process, leading to reflected cross-site scripting (XSS) issues. This may allow attackers to inject malicious scripts into web pages, which could be executed in the context of another user’s browser session. The affected versions, including those prior to 1.3.1, are susceptible, presenting significant exposure to web applications utilizing this plugin.

Affected Version(s)

WP Bulk Delete <= 1.3.1

References

https://patchstack.com/database/vulnerability/wp-bulk-del...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 6, 2024
Vulnerability Reserved
Sep 24, 2024

Credit

Dimas Maulana (Patchstack Alliance)