Reflected XSS Vulnerability in BU Section Editing by Boston University
CVE-2024-56018

7.1 HIGH

Key Information:

Vendor: WordPress
CVE Published: 2 January 2025

Summary

The vulnerability is an improper neutralization of input during web page generation in the BU Section Editing plugin developed by Boston University. The flaw allows reflected cross-site scripting (XSS) attacks, in which malicious scripts execute in the context of the user's browser. This can potentially compromise user data and session cookies, and lead to further attacks. The affected versions are all prior to 0.9.9, making it crucial for users to ensure their plugin is updated to prevent exploitation.

Affected Version(s)

BU Section Editing <= 0.9.9

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)