Stored Cross-Site Scripting Vulnerability in Easy Pixels Plugin
CVE-2024-5479

7.2HIGH

Key Information:

Vendor

Wordpress
Vendor
CVE Published:
9 July 2024

What is CVE-2024-5479?

The Easy Pixels plugin for WordPress is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to inadequate input sanitization and output escaping mechanisms. This allows unauthenticated attackers to inject malicious web scripts, which can be executed when users access compromised pages. The vulnerability affects all versions of the plugin up to and including 2.13. To mitigate risks, updating to the latest version or applying security measures is crucial.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/easy-pixels-by...
https://plugins.trac.wordpress.org/browser/easy-pixels-by...

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

.
CVE-2024-5479 : Stored Cross-Site Scripting Vulnerability in Easy Pixels Plugin