Stored Cross-Site Scripting Vulnerability Affects Add Widget After Content Plugin
CVE-2024-9892
4.8MEDIUM
What is CVE-2024-9892?
The Add Widget After Content plugin for WordPress has a vulnerability that allows for Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in its admin settings. This loophole enables authenticated users with administrator-level permissions to insert arbitrary web scripts into pages. When users visit the compromised pages, the injected scripts are executed. It's important to note that this vulnerability affects only multi-site installations and setups where unfiltered_html has been disabled.
Affected Version(s)
Add Widget After Content * <= 2.4.6