CSRF Vulnerability in Essential Breadcrumbs Allows Stored XSS
CVE-2024-53778

7.1HIGH

Key Information:

Vendor: WordPress
Status: Essential Breadcrumbs
Vendor: CVE Published:; 30 November 2024

What is CVE-2024-53778?

A Cross-Site Request Forgery (CSRF) vulnerability in the Essential Breadcrumbs plugin from Essential Marketer has been identified, allowing for potential Stored Cross-Site Scripting (XSS) attacks. This vulnerability can exploit users by manipulating their actions without their consent, particularly affecting versions of Essential Breadcrumbs from 'n/a' up to 1.1.1. Attackers could craft malicious requests that hijack user sessions, leading to unauthorized actions and potential data exposure. It is essential to apply necessary security patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

Essential Breadcrumbs <= 1.1.1

References

https://patchstack.com/database/wordpress/plugin/essentia...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2024
Vulnerability Reserved
Nov 22, 2024

Credit

SOPROBRO (Patchstack Alliance)