Cross-site Scripting Vulnerability in AdWork Media EZ Content Locker
CVE-2024-56025

7.1HIGH

Key Information:

Vendor: WordPress
Status: Adwork Media Ez Content Locker
Vendor: CVE Published:; 2 January 2025

What is CVE-2024-56025?

A reflected cross-site scripting vulnerability has been identified in AdWork Media EZ Content Locker, potentially affecting users who interact with the compromised web page. This issue arises from improper handling of user input, which allows attackers to inject malicious scripts that execute in the context of any user's browser session. The vulnerability spans versions up to 3.0. Attackers exploiting this weakness can manipulate the user's experience or steal sensitive information, emphasizing the need for robust input validation strategies to mitigate the associated risks.

Affected Version(s)

AdWork Media EZ Content Locker 0 <= 3.0

References

https://patchstack.com/database/Wordpress/Plugin/adwork-m...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Dec 14, 2024

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)

CVE-2024-56025 Data

JSON