CVE-2024-44002

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.8%

top 26.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pickplugins Team Showcase

Timeline

PublishedSep 18

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Team Showcase team allows Reflected XSS.This issue affects Team Showcase: from n/a through <= 1.22.25.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5pickplugins/team_showcase1.22.25

▶NVDpickplugins/team_showcase1.22.25

🔴Vulnerability Details

GHSA

GHSA-r6pq-mqf9-2pr7: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Reflecte↗2024-09-18

▶

CVEList

WordPress Team Showcase plugin <= 1.22.25 - Reflected Cross Site Scripting (XSS) vulnerability↗2024-09-17

▶