Reflected XSS Vulnerability in Add Categories Post Footer
CVE-2024-49239

7.1HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
18 October 2024

What is CVE-2024-49239?

An improper neutralization of input during web page generation in the Add Categories Post Footer plugin allows for reflected cross-site scripting (XSS) attacks. This vulnerability affects versions up to 2.2.2, permitting attackers to inject malicious scripts into web pages viewed by users, leading to potential unauthorized actions or data exposure. Immediate remediation is recommended to safeguard your WordPress site.

Affected Version(s)

Add Categories Post Footer 0 <= 2.2.2

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Le Ngoc Anh (Patchstack Alliance)
.