Stored Cross-Site Scripting Vulnerability in Easy Pixels Plugin
CVE-2024-5479
7.2HIGH
Summary
The Easy Pixels plugin for WordPress is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to inadequate input sanitization and output escaping mechanisms. This allows unauthenticated attackers to inject malicious web scripts, which can be executed when users access compromised pages. The vulnerability affects all versions of the plugin up to and including 2.13. To mitigate risks, updating to the latest version or applying security measures is crucial.
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published