Reflected XSS Vulnerability in Team Showcase and Slider – Team Members Builder
CVE-2024-51763

7.1HIGH

Key Information:

Vendor: WordPress
Status: Team Showcase And Slider – Team Members Builder
Vendor: CVE Published:; 9 November 2024

What is CVE-2024-51763?

The Team Showcase and Slider – Team Members Builder plugin developed by Biplob Adhikari contains a reflected cross-site scripting (XSS) vulnerability that arises from improper handling of input during web page generation. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions, data theft, or session hijacking. The vulnerability impacts versions from n/a up to 1.3, highlighting the importance of prompt updates and secure coding practices to mitigate XSS risks.

Affected Version(s)

Team Showcase and Slider – Team Members Builder <= 1.3

References

https://patchstack.com/database/vulnerability/team-showca...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 9, 2024
Vulnerability Reserved
Nov 1, 2024

Credit

Mika (Patchstack Alliance)