Improper Neutralization of Input During Web Page Generation (XSS) Vulnerability in VillaTheme CURCY
CVE-2024-49283

7.1HIGH

Key Information:

Vendor: WordPress
Status: Curcy
Vendor: CVE Published:; 17 October 2024

Summary

A Cross-Site Scripting (XSS) vulnerability in the VillaTheme CURCY plugin permits attackers to inject malicious scripts through improper handling of input during web page generation. This reflected XSS issue can lead to unauthorized access and information disclosure on affected WordPress installations. The vulnerability impacts versions from n/a through 2.2.3, emphasizing the need for users to implement security measures promptly.

Affected Version(s)

CURCY <= 2.2.3

References

https://patchstack.com/database/vulnerability/woo-multi-c...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Oct 14, 2024

Credit

Dimas Maulana (Patchstack Alliance)