CVE-2024-6708
Severity
4.8MEDIUM
EPSS
0.2%
top 62.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 15
Description
The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7