CVE-2024-4616 — Cross-site Scripting in Verma Widget Bundle

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

1.1%

top 22.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Devnath Verma Widget Bundle

Timeline

PublishedJun 21

Description

The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDdevnath_verma/widget_bundle2.0.0

🔴Vulnerability Details

CVEList

Widget Bundle <= 2.0.0 - Unauthencated Reflected XSS↗2024-06-21

▶

GHSA

GHSA-fx33-m9m3-pm96: The Widget Bundle WordPress plugin through 2↗2024-06-21

▶