Cross-site Scripting Vulnerability in Astra Widgets by Brainstorm Force
CVE-2024-50439
5.4MEDIUM
What is CVE-2024-50439?
The Astra Widgets plugin for WordPress is prone to a stored Cross-site Scripting (XSS) vulnerability. This flaw arises from improper validation of user input during web page generation. Attackers can exploit this weakness to inject malicious scripts into user sessions, leading to unauthorized access and data compromise. Affected versions include those prior to 1.2.14. It is crucial for site administrators using Astra Widgets to update to the latest version to mitigate potential risks.
Affected Version(s)
Astra Widgets 0 <= 1.2.14