CVE-2024-7313
Published: 2024-08-26
Priority: P3 | Severity: medium | CVSS 3.1 base score: 6.1
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.44% (70.0th percentile)
The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| getshieldsecurity | shield_security | < 20.0.6 | 20.0.6 |
No detection rules found.
Nuclei
Template: CVE-2024-7313 [MEDIUM] Shield Security Plugin < 20.0.6 - Cross-Site Scripting (CVSS 6.1)

```yaml
# Raw request as shown on the page; the request line is incomplete in the extracted copy.
Shield Security Plugin alert(document.domain) HTTP/1.1
Host: {{Hostname}}

# body_2 / header_2 refer to the response to the second raw request in the sequence.
matchers-condition: and
matchers:
  - type: word
    part: body_2
    words:
      - "alert(document.domain)"
      - "Unavailable nav handling:"
    condition: and
  - type: word
    part: header_2
    words:
      - text/html
  - type: status
    status:
      - 200
# digest: 4a0a00473045022023164385092ececa199b02a3a102c9004c57693e97935cbcc0c3e09438ff1095022100fd94582b01d6ce9bbeea89ddb5057940882110ed80684aa99a8594987e4911d9:922c64590222798bb761d5b6d8e72950
```
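The following Python is an added example, not code from the Shield Security plugin or from the Nuclei template above. It simulates the behaviour described in the advisory (a parameter echoed back into the page unescaped) next to two hardened variants, then runs the template's three matchers (both body words, the text/html header, status 200, all joined with `and`) against each response. The endpoint, parameter name, surrounding HTML and the exact probe payload are assumptions, since the page does not show the real request line; only the two matcher strings and the header/status checks come from the template. The point it demonstrates is a caveat for anyone triaging hits: HTML escaping removes `<` and `>` but leaves the substring `alert(document.domain)` intact, so a site that escapes the reflected value still satisfies the template's word matcher. The stricter check requires the payload verbatim.

```python
"""Constructed simulation of CVE-2024-7313 detection logic (example code, not the
plugin's or the template's own code). Parameter name, markup and payload are
placeholders; the matcher strings come from the Nuclei template on this page."""
import html
from dataclasses import dataclass

# Constructed probe payload. The template's real payload is not recoverable from the
# page beyond the substring "alert(document.domain)" that its matcher looks for.
PAYLOAD = "<img src=x onerror=alert(document.domain)>"

# Anchor string from the template's body matcher; assumed here to prefix the
# reflected value (the page does not show the real markup around it).
PREFIX = "Unavailable nav handling: "

HTML_HEADERS = {"Content-Type": "text/html; charset=UTF-8"}


@dataclass
class Response:
    status: int
    headers: dict
    body: str


def vulnerable_page(value: str) -> Response:
    """Pre-20.0.6 behaviour as described: the parameter is echoed unescaped."""
    return Response(200, HTML_HEADERS, f'<div class="notice">{PREFIX}{value}</div>')


def escaped_page(value: str) -> Response:
    """Hardened variant: value escaped for HTML body context
    (WordPress esc_html() has the same effect for this payload)."""
    return Response(200, HTML_HEADERS,
                    f'<div class="notice">{PREFIX}{html.escape(value, quote=True)}</div>')


def silent_page(value: str) -> Response:
    """Hardened variant that no longer reflects the value at all."""
    return Response(200, HTML_HEADERS, '<div class="notice">Unavailable nav handling.</div>')


def template_matches(resp: Response) -> bool:
    """Mirror of the template's matchers joined with matchers-condition: and.
    Word matchers in Nuclei are plain substring checks, reproduced here as such."""
    body_ok = all(word in resp.body
                  for word in ("alert(document.domain)", "Unavailable nav handling:"))
    header_ok = "text/html" in resp.headers.get("Content-Type", "")
    return body_ok and header_ok and resp.status == 200


def strict_matches(resp: Response) -> bool:
    """Same checks, plus the payload verbatim. An escaped reflection keeps
    'alert(document.domain)' but loses '<' and '>', so it cannot execute."""
    return template_matches(resp) and PAYLOAD in resp.body


if __name__ == "__main__":
    for name, page in (("vulnerable", vulnerable_page),
                       ("escaped", escaped_page),
                       ("silent", silent_page)):
        r = page(PAYLOAD)
        print(f"{name:10s} template={template_matches(r)!s:5s} strict={strict_matches(r)}")
```

Running the block shows the vulnerable page matching both checks, the escaped page matching the template's logic but not the strict one, and the silent page matching neither. Against a real target, confirming a hit means looking at the reflected bytes around the payload, not just the presence of the `alert(...)` substring.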