CVE-2024-2375Cross-site Scripting in Wpqa Builder

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 73.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
2code Wpqa Builder
Timeline
PublishedJul 3

Description

The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

NVD2code/wpqa_builder< 6.1.1

🔴Vulnerability Details

2
CVEList
WPQA < 6.1.1 - Contributor+ Stored XSS2024-07-03
GHSA
GHSA-2gf8-64pg-49p7: The WPQA Builder WordPress plugin before 62024-07-03
CVE-2024-2375 — Cross-site Scripting in Wpqa Builder | cvebase