Reflected Cross-Site Scripting Vulnerability in Spartac Feedpress Generator
CVE-2024-54364

7.1HIGH

Key Information:

Vendor: WordPress
Status: Feedpress Generator
Vendor: CVE Published:; 16 December 2024

What is CVE-2024-54364?

CVE-2024-54364 is a Reflected Cross-Site Scripting (XSS) vulnerability found in the Spartac Feedpress Generator plugin. This flaw enables attackers to inject malicious scripts into web pages generated by the application, jeopardizing user security. The vulnerability affects Feedpress Generator versions from n/a up to 1.2.1, allowing an attacker to execute arbitrary scripts within the context of users' browsers. It is crucial for users of this plugin to update to the latest version and implement mitigation strategies to protect against potential attacks.

Affected Version(s)

Feedpress Generator <= 1.2.1

References

https://patchstack.com/database/wordpress/plugin/feedpres...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2024
Vulnerability Reserved
Dec 2, 2024

Credit

thiennv (Patchstack Alliance)