Cross-Site Scripting Vulnerability in CodePen Embedded Pens Shortcode Plugin for WordPress
CVE-2024-50440

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Codepen Embedded Pens Shortcode
Vendor: CVE Published:; 28 October 2024

What is CVE-2024-50440?

An improper neutralization of input during web page generation has been detected in the CodePen Embedded Pens Shortcode plugin for WordPress. This vulnerability allows for stored cross-site scripting (XSS) attacks, wherein an attacker could exploit the weakness to inject malicious scripts into the web pages viewed by users. The affected versions range from unspecified up to 1.0.2, making it essential for users to review their installations and take appropriate action to secure their websites against potential exploitation.

Affected Version(s)

CodePen Embedded Pens Shortcode 0 <= 1.0.2

References

https://patchstack.com/database/Wordpress/Plugin/codepen-...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2024

CVE-2024-50440 Data

JSON