Reflected XSS Vulnerability in Bing Search API Integration
CVE-2024-51692

7.1HIGH

Key Information:

Vendor: WordPress
Status: Bing Search Api Integration
Vendor: CVE Published:; 9 November 2024

Summary

The Bing Search API Integration by Askew Brook is susceptible to a reflected cross-site scripting (XSS) vulnerability, stemming from inadequate input neutralization during web page generation. This flaw enables attackers to inject malicious scripts through vulnerable request parameters, potentially compromising the security of user sessions and data integrity. The vulnerability affects versions from n/a through 0.3.3, making it crucial for users to assess their systems and apply necessary security measures to mitigate the risks associated with such vulnerabilities.

Affected Version(s)

Bing Search API Integration <= 0.3.3

References

https://patchstack.com/database/vulnerability/abbs-bing-s...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 9, 2024
Vulnerability Reserved
Oct 30, 2024

Credit

João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)