Cross-Site Scripting Vulnerability in Irshad Services Customer Update Plugin
CVE-2024-56034

7.1HIGH

Key Information:

Vendor: WordPress
Status: Services Updates For Customers
Vendor: CVE Published:; 2 January 2025

What is CVE-2024-56034?

A reflected Cross-Site Scripting (XSS) vulnerability exists in the Service Updates for Customers plugin developed by Irshad Services. This security flaw allows an attacker to inject malicious scripts into the web pages viewed by other users, potentially compromising sensitive data or hijacking user sessions. The vulnerability affects versions ranging from unspecified to 1.0. It is crucial for users to apply the latest updates to mitigate potential exploitation of this vulnerability and enhance their web application security posture.

Affected Version(s)

Services updates for customers <= 1.0

References

https://patchstack.com/database/wordpress/plugin/service-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Dec 14, 2024

Credit

João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)