Unprotected Against Reflected Cross-Site Scripting in Easy Pricing Tables
CVE-2024-8871
6.1MEDIUM
Key Information:
- Vendor
- Wordpress
- Vendor
- CVE Published:
- 30 October 2024
Summary
The Easy Pricing Tables plugin for WordPress contains a vulnerability that allows unauthenticated attackers to initiate Reflected Cross-Site Scripting (XSS) attacks. This is due to the improper handling of user input with the add_query_arg function, which fails to adequately escape URL parameters. As a result, attackers could inject malicious scripts into web pages, exploiting unsuspecting users who are tricked into clicking on specially crafted links. This vulnerability affects all versions of the plugin up to and including 3.2.5, posing a significant risk to the security of websites utilizing this plugin.
Affected Version(s)
Pricing Tables WordPress Plugin – Easy Pricing Tables * <= 3.2.5
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dale Mavers