Cross-site Scripting Vulnerability in Post Grid Team's WPXPO PostX Plugin
CVE-2024-50513

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Postx
Vendor: CVE Published:; 19 November 2024

What is CVE-2024-50513?

The WPXPO PostX plugin is susceptible to an input validation flaw that enables stored cross-site scripting (XSS) attacks. This vulnerability arises when user input is improperly sanitized during the generation of web pages. As a result, an attacker may exploit this weakness to inject malicious scripts, potentially affecting all users who view the compromised content. Users are urged to update to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

PostX 0 <= 4.1.15

References

https://patchstack.com/database/Wordpress/Plugin/ultimate...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 19, 2024

CVE-2024-50513 Data

JSON

WordPress

What is CVE-2024-50513?

Affected Version(s)

References

CVSS V3.1

Timeline