CVE-2024-5713

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 46.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown If-so Dynamic Content Personalization If-so If-so

Timeline

PublishedJul 13

Description

The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5unknown/if-so_dynamic_content_personalization< 1.8.0.4

▶NVDif-so/if-so< 1.8.0.4

🔴Vulnerability Details

GHSA

GHSA-fgr7-28x3-54q4: The If-So Dynamic Content Personalization WordPress plugin before 1↗2024-07-13

▶

CVEList

if-so < 1.8.0.4 - Reflected XSS↗2024-07-13

▶