CVE-2024-6020

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.4%
top 37.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Sign-up SheetsFetchdesigns Sign-up Sheets
Timeline
PublishedSep 4

Description

The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5unknown/sign-up_sheets< 2.2.13

🔴Vulnerability Details

2
GHSA
GHSA-wwjw-jqq2-7xjv: The Sign-up Sheets WordPress plugin before 22024-09-04
CVEList
Sign-up Sheets < 2.2.13 - Reflected XSS2024-09-04
CVE-2024-6020 (MEDIUM CVSS 6.1) | The Sign-up Sheets WordPress plugin | cvebase.io