Cross-site Scripting Vulnerability in Lemonade Social Networks Autoposter by Lemonade Coding Studio
CVE-2024-56028

7.1HIGH

Key Information:

Vendor: WordPress
Status: Lemonade Social Networks Autoposter Pinterest
Vendor: CVE Published:; 2 January 2025

What is CVE-2024-56028?

The vulnerability presents an improper neutralization of user inputs during web page generation, commonly known as a Cross-site Scripting (XSS) issue. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. Specifically, the flaw is found in versions of the Lemonade Social Networks Autoposter for Pinterest, affecting products up to version 2.0. Users can be exposed to unintended actions and data exposure if they interact with compromised web pages. Protecting against such vulnerabilities is crucial for maintaining the integrity and security of user data in web applications.

Affected Version(s)

Lemonade Social Networks Autoposter Pinterest <= 2.0

References

https://patchstack.com/database/wordpress/plugin/lemonade...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Dec 14, 2024

Credit

Mika (Patchstack Alliance)