CVE-2024-2444 — Cross-site Scripting in Inline Related Posts

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 57.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Data443 Inline Related Posts

Timeline

PublishedApr 6

Description

The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

▶NVDdata443/inline_related_posts< 3.5.0

🔴Vulnerability Details

CVEList

Inline Related Posts < 3.5.0 - Admin+ Stored XSS↗2024-04-06

▶

GHSA

GHSA-qg8g-vp27-m3p5: The Inline Related Posts WordPress plugin before 3↗2024-04-06

▶