WordPress Plugin Vulnerability Could Allow Stored Cross-Site Scripting Attacks
CVE-2024-6393

Currently unrated

Key Information:

Vendor: WordPress

CVE Published: 25 November 2024

What is CVE-2024-6393?

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high-privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

Timeline

  • Vulnerability published
