Lucene search

PatchstackCVE-2024-34418

HistoryMay 14, 2024 - 3:38 p.m.

CVE-2024-34418

2024-05-1415:38:56

CWE-79

Patchstack

web.nvd.nist.gov

cve-2024-34418

cross-site scripting

tech9logy creators

wordpress custom search

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

AI Score

6.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tech9logy Creators WPCS ( WordPress Custom Search ) allows Stored XSS.This issue affects WPCS ( WordPress Custom Search ): from n/a through 1.1.

Affected configurations

Vulners

Vulnrichment

Node

tech9logy_creatorswpcs_\(_wordpress_custom_search_\)Range≤1.1wordpress

VendorProductVersionCPE
tech9logy_creatorswpcs_\(_wordpress_custom_search_\)*cpe:2.3:a:tech9logy_creators:wpcs_\(_wordpress_custom_search_\):*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
tech9logy_creators	wpcs_\(_wordpress_custom_search_\)	*	cpe:2.3:a:tech9logy_creators:wpcs_\(_wordpress_custom_search_\)::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wpcs-wp-custom-search",
    "product": "WPCS ( WordPress Custom Search )",
    "vendor": "Tech9logy Creators",
    "versions": [
      {
        "lessThanOrEqual": "1.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wpcs-wp-custom-search/wordpress-wpcs-wordpress-custom-search-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve