Cross-site Scripting Vulnerability in Highlight Plugin by dn88
CVE-2024-56297

5.9MEDIUM

Key Information:

Vendor
WordPress
Status
Highlight
Vendor
CVE Published:
7 January 2025

Summary

The Highlight plugin developed by dn88 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. This flaw allows attackers to inject malicious scripts when users access compromised web pages, posing a risk to data integrity and user security. The issue occurs in versions up to 2.0.2, enabling potential exploitation of the web application. It is crucial for users and administrators to apply necessary updates and secure configurations to mitigate this risk.

Affected Version(s)

Highlight <= 2.0.2

References

https://patchstack.com/database/wordpress/plugin/highligh...
vdb-entry

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pham Van Tam (Patchstack Alliance)
.