Cross-site Scripting Vulnerability in PostX by WPXPO
CVE-2024-53818

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Postx
Vendor: CVE Published:; 9 December 2024

What is CVE-2024-53818?

A Cross-site Scripting (XSS) vulnerability exists in the PostX plugin by WPXPO, permitting attackers to store and execute malicious scripts on users' browsers. When exploited, this vulnerability can compromise user sessions, redirect users to malicious sites, and lead to unauthorized access to sensitive information. The affected versions range from the earliest release through 4.1.15, underscoring the necessity for users to update to the latest version to mitigate potential risks.

Affected Version(s)

PostX 0 <= 4.1.15

References

https://patchstack.com/database/Wordpress/Plugin/ultimate...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2024

CVE-2024-53818 Data

JSON

WordPress

What is CVE-2024-53818?

Affected Version(s)

References

CVSS V3.1

Timeline