Cross-site Scripting Vulnerability in GS Coaches by GS Plugins
CVE-2024-56262

6.5MEDIUM

Key Information:

Vendor: Gs Plugins
Status: Gs Coaches
Vendor: CVE Published:; 2 January 2025

Summary

A Stored Cross-site Scripting (XSS) vulnerability exists in the GS Coaches product developed by GS Plugins, allowing an attacker to inject malicious scripts into web pages viewed by users. This security flaw can lead to unauthorized actions taken by users without their consent, compromising the security of the web application. Effective input sanitization measures are essential to mitigate the risk posed by this vulnerability, particularly for versions of GS Coaches prior to 1.1.0.

Affected Version(s)

GS Coaches <= 1.1.0

References

https://patchstack.com/database/wordpress/plugin/gs-coach...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Dec 18, 2024

Credit

SOPROBRO (Patchstack Alliance)