Geotagged Media Vulnerable to Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVE-2024-51694

7.1HIGH

Key Information:

Vendor: WordPress
Status: Geotagged Media
Vendor: CVE Published:; 9 November 2024

Summary

The vulnerability in the Digfish Geotagged Media plugin is characterized by improper neutralization of user inputs during web page generation, specifically allowing for reflected Cross-Site Scripting (XSS) attacks. This issue primarily affects versions from n/a up to 0.3.0, enabling potential attackers to inject malicious scripts into web pages viewed by users. As a result, this could lead to unauthorized access to sensitive information or manipulation of webpage content. To mitigate these risks, it's crucial for users of Geotagged Media to evaluate their current versions and apply necessary updates or patches.

Affected Version(s)

Geotagged Media <= 0.3.0

References

https://patchstack.com/database/vulnerability/geotagged-m...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 9, 2024
Vulnerability Reserved
Oct 30, 2024

Credit

João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)