WordPress wp auto top plugin <= 2.9.3 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2024-53716

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP Auto Top
Vendor: CVE Published:; 2 December 2024

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Overtrue WP Auto Top plugin, allowing attackers to exploit the plugin potentially leading to Stored Cross-Site Scripting (XSS) issues. This vulnerability affects all versions of the plugin up to 2.9.3. Successful exploitation could enable an attacker to execute arbitrary scripts in the context of the user's browser, compromising sensitive information and site integrity.

Affected Version(s)

wp auto top <= 2.9.3

References

https://patchstack.com/database/wordpress/plugin/wp-auto-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 2, 2024
Vulnerability Reserved
Nov 22, 2024

Credit

SOPROBRO (Patchstack Alliance)