CVE-2024-10568

Published Dec 12, 2024

Last updated 10 months ago

CVSS medium 4.7

Overview

Description: The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Source: contact@wpscan.com
NVD status: Analyzed
Products: ajax_search

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.7
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

CVE-2024-10568 The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting at... https://t.co/VOWwnSEYiJ
@VulmonFeeds
12 Dec 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wp-dreams:ajax_search:*:*:*:*:lite:wordpress:*:*",
            "matchCriteriaId": "C0039B4D-0D48-4046-98B9-DAD4E48CBDC0",
            "versionEndExcluding": "4.12.4",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References