Stored XSS Vulnerability in Sell Media File with Stripe by naa986
CVE-2024-51892

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Sell Media File With Stripe
Vendor: CVE Published:; 19 November 2024

What is CVE-2024-51892?

A vulnerability in the Sell Media File with Stripe plugin allows for stored cross-site scripting (XSS), where attackers can inject malicious scripts into web pages. This exploit affects users interacting with affected versions, potentially leading to unauthorized actions or data exposure. It is crucial for users of this plugin to update to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

Sell Media File with Stripe 0 <= 1.0.6

References

https://patchstack.com/database/Wordpress/Plugin/sell-med...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 19, 2024

CVE-2024-51892 Data

JSON

WordPress

What is CVE-2024-51892?

Affected Version(s)

References

CVSS V3.1

Timeline