Infinite Slider Vulnerable to Reflected Cross-site Scripting
CVE-2024-52461

7.1HIGH

Key Information:

Vendor: Wordpress
Status: Infinite Slider
Vendor: CVE Published:; 2 December 2024

What is CVE-2024-52461?

The Infinite Slider plugin developed by Kinsta for WordPress is exposed to a reflected cross-site scripting (XSS) vulnerability due to improper handling of user input during web page generation. This vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions and data theft. It affects all versions of the Infinite Slider plugin up to and including version 2.0.1, emphasizing the need for immediate updates and security measures.

Affected Version(s)

Infinite Slider <= 2.0.1

References

https://patchstack.com/database/wordpress/plugin/infinite...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2024
Vulnerability Reserved
Nov 11, 2024

Credit

SOPROBRO (Patchstack Alliance)