Plugin Vulnerability: Stored Cross-Site Scripting (XSS) in Advanced WordPress Backgrounds
CVE-2024-8045

5.4MEDIUM

Key Information:

Vendor

Wordpress
Status
Advanced WordPress Backgrounds
Vendor
CVE Published:
11 September 2024

What is CVE-2024-8045?

The Advanced WordPress Backgrounds plugin for WordPress has a vulnerability that allows authenticated attackers with Contributor-level access or above to exploit an insufficient input sanitization and output escaping flaw via the ‘imageTag’ parameter. By injecting arbitrary web scripts into pages, attackers can manipulate the content delivered to users who access those pages, potentially leading to session hijacking, data theft, or other malicious actions. This vulnerability highlights the importance of robust code validation and user input sanitization within web applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Advanced WordPress Backgrounds * <= 1.12.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/advanced-backg...
https://wordpress.org/plugins/advanced-backgrounds/#devel...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Craig Smith
JSON
.