Cron Jobs plugin vulnerable to Reflected Cross-Site Scripting
CVE-2024-8731
6.1 MEDIUM
Summary
The Cron Jobs plugin for WordPress is vulnerable to reflected cross-site scripting because it uses add_query_arg without adequate escaping on the URL. This allows unauthenticated attackers to inject malicious web scripts into pages, which poses a risk if users are tricked into clicking on crafted links. All versions of the plugin up to and including 1.2.9 are affected, necessitating prompt action to secure WordPress installations.
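Added example (not from the advisory or the plugin's code): a heuristic Python review aid that flags add_query_arg() calls whose result is not nested inside esc_url() or esc_url_raw(), the escaping the summary says was missing. It goes slightly beyond the text by also covering remove_query_arg(), which returns an unescaped URL in the same way; the PHP sample lines are constructed, and a URL stored in a variable and escaped later is still flagged for manual review.

```python
import re

# Added example: heuristic review aid, not the plugin's code. It flags calls to
# add_query_arg()/remove_query_arg() that are not nested inside esc_url()/esc_url_raw().
ESCAPERS = {"esc_url", "esc_url_raw"}
CALL = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
TOKEN = re.compile(r"([A-Za-z_]\w*)?\s*\(|\)")
STRING = re.compile(r"'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"", re.S)

def blank_strings(src):
    """Blank out string literals (keeping offsets and newlines) so that
    parentheses and semicolons inside strings do not confuse the scan."""
    return STRING.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)

def enclosing_calls(prefix):
    """Return the names of the calls still open at the end of `prefix`."""
    stack = []
    for m in TOKEN.finditer(prefix):
        if m.group() == ")":
            if stack:
                stack.pop()
        else:
            stack.append(m.group(1) or "")
    return stack

def find_unescaped(src):
    """Return (line, function) for each call with no escaping wrapper."""
    clean = blank_strings(src)
    findings = []
    for m in CALL.finditer(clean):
        # The statement starts after the previous ';' or PHP open tag.
        start = max(clean.rfind(";", 0, m.start()), clean.rfind("<?", 0, m.start())) + 1
        if not ESCAPERS & set(enclosing_calls(clean[start:m.start()])):
            findings.append((clean.count("\n", 0, m.start()) + 1, m.group(1)))
    return findings

# Constructed sample input (hypothetical admin-page code).
SAMPLE = r"""<?php
echo '<a href="' . add_query_arg( 'tab', 'log' ) . '">Log</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'log' ) ) . '">Log</a>';
wp_safe_redirect( esc_url_raw( remove_query_arg( 'msg' ) ) );
printf( '<form action="%s">', remove_query_arg( 'msg' ) );
"""

if __name__ == "__main__":
    for line, func in find_unescaped(SAMPLE):
        print(f"line {line}: {func}() output is not wrapped in esc_url()")
```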
Affected Version(s)
Cron Jobs * <= 1.2.9
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dale Mavers