Lucene search

[email protected]CVE-2024-33643

HistoryApr 29, 2024 - 5:15 a.m.

CVE-2024-33643

2024-04-2905:15:06

CWE-79

[email protected]

web.nvd.nist.gov

cross-site scripting

kailey lampert

advanced most recent posts mod

vulnerability

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kailey Lampert Advanced Most Recent Posts Mod allows Stored XSS.This issue affects Advanced Most Recent Posts Mod: from n/a through 1.6.5.2.

Affected configurations

Vulners

Node

kailey_lampertadvanced_most_recent_posts_modRange≤1.6.5.2

VendorProductVersionCPE
kailey_lampertadvanced_most_recent_posts_mod*cpe:2.3:*:kailey_lampert:advanced_most_recent_posts_mod:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kailey_lampert	advanced_most_recent_posts_mod	*	cpe:2.3::kailey_lampert:advanced_most_recent_posts_mod::::::::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "advanced-most-recent-posts-mod",
    "product": "Advanced Most Recent Posts Mod",
    "vendor": "Kailey Lampert",
    "versions": [
      {
        "lessThanOrEqual": "1.6.5.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/advanced-most-recent-posts-mod/wordpress-advanced-most-recent-posts-mod-plugin-1-6-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve