Unfiltered HTML Settings Vulnerability in WP ULike Plugin Allows Cross-Site Scripting
CVE-2024-7879
Key Information:
Badges
Summary
The WP ULike WordPress plugin versions before 4.7.5 contains a vulnerability stemming from inadequate sanitization and escaping of certain settings. This weakness could enable users with high-level privileges, such as editors, to carry out Cross-Site Scripting attacks even in environments where the option to use unfiltered HTML is disabled. This XSS flaw poses a significant security risk, as it may allow the execution of malicious scripts, potentially compromising site security and user data.
Affected Version(s)
WP ULike 0 < 4.7.5
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved