CVE-2024-2375 WPQA < 6.1.1 - Contributor+ Stored XSS

2024-07-0306:00:04

WPScan

github.com

cve-2024-2375 wordpress plugin slider stored xss cross-site scripting attack

AI Score

5.8

Confidence

High

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:*:*:*"
    ],
    "vendor": "2code",
    "product": "wpqa_builder",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "6.1.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]