Reflected Cross-Site Scripting Vulnerability in RabbitLoader Plugin
CVE-2024-8800

6.1MEDIUM

Key Information:

Vendor: Sanrl
Status: Rabbitloader – Website Speed Optimization For Improving Core Web Vital Metrics With Cache, Image Optimization, And More
Vendor: CVE Published:; 2 October 2024

Summary

The RabbitLoader plugin for WordPress, designed to optimize website speed and improve Core Web Vitals, is susceptible to a Reflected Cross-Site Scripting (XSS) vulnerability. This issue arises from the improper handling of URL parameters through the add_query_arg function without adequate escaping. As a result, unauthenticated attackers can exploit this vulnerability to inject malicious web scripts into web pages that execute when a user interacts with a compromised link. The threat poses significant risks to user data and the overall security of websites utilizing the affected plugin.

Affected Version(s)

RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more * <= 2.21.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/rabbit-loader/...

https://plugins.trac.wordpress.org/changeset/3160267/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 2, 2024
Vulnerability Reserved
Sep 13, 2024

Collectors

NVD DatabaseMitre Database

Credit

Dale Mavers