CVE-2024-8189

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.2%

top 57.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Thangnv27 WP Multitasking – WP Utilities Ngothang WP Multitasking

Timeline

PublishedSep 28

Description

The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmt_menu_name’ parameter in all versions up to, and including, 0.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfil…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:NExploitability: 1.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5thangnv27/wp_multitasking_–_wp_utilities0.1.17

▶NVDngothang/wp_multitasking0.1.17

Patches

Patch: plugins.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-7x69-778c-9r5h: The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmt_menu_name’ parameter in all version↗2024-09-28

▶

CVEList

WP MultiTasking - WP Utilities <= 0.1.17 - Authenticated (Administrator+) Stored Cross-Site Scripting↗2024-09-28

▶