CVE-2024-29138
published 2024-03-19
CVE-2024-29138: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joachim Jensen Restrict User Access – Membership Plugin…
Priority P180 · medium · 6.1 CVSS 3.1
AV:N AC:L PR:N UI:R S:C C:L I:L A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS 0.62% · 45.3th percentile
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joachim Jensen Restrict User Access – Membership Plugin with Force restrict-user-access. This issue affects Restrict User Access – Membership Plugin with Force: from n/a through <= 2.5.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dev.institute | restrict_user_access | <= 2.5 | — |
| joachim_jensen | restrict_user_access_membership_plugin_with_force | <= 2.5 | — |
CVSS provenance
nvd · v3.1 · 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vulncheck · 6.1 MEDIUM
GHSA
GHSA-qm75-22fr-fxmp: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DEV Institute Restrict User Access – Membership
ghsa_unreviewed·2024-03-19
CVE-2024-29138 [HIGH] CWE-79 GHSA-qm75-22fr-fxmp: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DEV Institute Restrict User Access – Membership
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DEV Institute Restrict User Access – Membership Plugin with Force allows Reflected XSS. This issue affects Restrict User Access – Membership Plugin with Force: from n/a through 2.5.
VulnCheck
dev.institute restrict_user_access Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2024·CVSS 6.1
CVE-2024-29138 [MEDIUM] dev.institute restrict_user_access Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joachim Jensen Restrict User Access – Membership Plugin with Force restrict-user-access. This issue affects Restrict User Access – Membership Plugin with Force: from n/a through <= 2.5.
Affected: dev.institute restrict_user_access
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/wordpress/plugin/restrict-user-access/vulnerability/wordpress-restrict-user-access-plugin-2-5-reflected-cross-site-scripting-xss-vu
No detection rules found.
Nuclei
WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2024-29138 [MEDIUM] WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
WordPress Restrict User Access
```yaml
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains_all(body, "\">","restrict-user-access")'
        condition: and
# digest: 4a0a00473045022000f30610943fba17f096e653baa2b3252e2adbbcedb4107f1fdfcbffb6cee92d022100b963cdf58e36de5e03602a34ebb753579805ab03fc5166f9ea43cf339408764b:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
https://patchstack.com/database/Wordpress/Plugin/restrict-user-access/vulnerability/wordpress-restrict-user-access-plugin-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/restrict-user-access/wordpress-restrict-user-access-plugin-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
2024-03-19 · Published
Exploited in the wild