Cross-Site Scripting Vulnerability in Ryan Scott's Visual Recent Posts Plugin
CVE-2024-54403
7.1 HIGH
Summary
CVE-2024-54403 is a Cross-Site Scripting (XSS) vulnerability discovered in the Visual Recent Posts plugin developed by Ryan Scott. The plugin improperly neutralizes input during web page generation, which lets attackers inject malicious scripts into the affected web page. As a result, users can be subjected to reflected XSS attacks, which can lead to data theft or session hijacking. The flaw is present in all versions of Visual Recent Posts up to and including version 1.2.3, so users of this plugin should apply patches or updates to mitigate this security risk.
Affected Version(s)
Visual Recent Posts <= 1.2.3
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
SOPROBRO (Patchstack Alliance)