Reflected Cross-Site Scripting Vulnerability in WP Extended Plugin
CVE-2024-8119

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
The Ultimate WordPress Toolkit – WP Extended
Vendor
CVE Published:
4 September 2024

What is CVE-2024-8119?

The WP Extended plugin for WordPress is susceptible to a reflected cross-site scripting vulnerability that arises from inadequate input sanitization and output escaping processes. This flaw allows unauthenticated attackers to exploit the vulnerability by injecting arbitrary web scripts through the page parameter. If users are tricked into interacting, such as clicking on a malicious link, the scripts can execute in their browsers. This can lead to session hijacking, data theft, or other malicious activities that compromise user security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

The Ultimate WordPress Toolkit – WP Extended * <= 3.0.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/wpextended/tru...
https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marco Wotschka
JSON
.