Stored Cross-Site Scripting Vulnerability Affects Add Widget After Content Plugin

CVE-2024-9892

What is CVE-2024-9892?

The Add Widget After Content plugin for WordPress has a vulnerability that allows for Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in its admin settings. This loophole enables authenticated users with administrator-level permissions to insert arbitrary web scripts into pages. When users visit the compromised pages, the injected scripts are executed. It's important to note that this vulnerability affects only multi-site installations and setups where unfiltered_html has been disabled.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References