Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') Vulnerability in PropertyShift
CVE-2024-51762

7.1HIGH

Key Information:

Vendor: WordPress
Status: Propertyshift
Vendor: CVE Published:; 9 November 2024

Summary

A reflected Cross-Site Scripting (XSS) vulnerability exists in PropertyShift due to improper neutralization of input when generating web pages. This flaw allows an attacker to inject malicious scripts into responses, which are then executed in the user's browser without their consent. Users visiting compromised URLs may experience UI manipulation or data theft, undermining the web application’s integrity and user security. The vulnerability impacts all versions of PropertyShift up to 1.0.0, emphasizing the urgency for users to secure their installations against potential exploitation.

Affected Version(s)

PropertyShift <= 1.0.0

References

https://patchstack.com/database/vulnerability/propertyshi...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 9, 2024
Vulnerability Reserved
Nov 1, 2024

Credit

Mika (Patchstack Alliance)