CVE-2024-1384

NVD Published Date: August 29, 2024 at 01:15 PM
NVD Last Modified: August 29, 2024 at 01:25 PM
Vulnerability ID: CVE-2024-1384
Severity: MEDIUM
Severity Score: 6.4
Summary: The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_recent_portfolios_grid' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Mitigation and Patches: -
Exploits: -
Metasploit Payload: -
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CWE ID: CWE-79
