Reflected Cross-Site Scripting Vulnerability in WP Extended Plugin
CVE-2024-8119

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: The Ultimate WordPress Toolkit – WP Extended
Vendor: CVE Published:; 4 September 2024

Summary

The WP Extended plugin for WordPress is susceptible to a reflected cross-site scripting vulnerability that arises from inadequate input sanitization and output escaping processes. This flaw allows unauthenticated attackers to exploit the vulnerability by injecting arbitrary web scripts through the page parameter. If users are tricked into interacting, such as clicking on a malicious link, the scripts can execute in their browsers. This can lead to session hijacking, data theft, or other malicious activities that compromise user security.

Affected Version(s)

The Ultimate WordPress Toolkit – WP Extended * <= 3.0.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/wpextended/tru...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 4, 2024
Vulnerability Reserved
Aug 23, 2024

Credit

Marco Wotschka