The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8001. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Metrics
Affected Vendors & Products
References
History
Sat, 21 Dec 2024 07:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8001. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |
Title | Ebook Store <= 5.8001 - Reflected Cross-Site Scripting | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-21T07:02:58.343Z
Updated: 2024-12-21T07:02:58.343Z
Reserved: 2024-11-15T20:21:08.450Z
Link: CVE-2024-11287
Vulnrichment
No data.
NVD
Status : Received
Published: 2024-12-21T07:15:08.053
Modified: 2024-12-21T07:15:08.053
Link: CVE-2024-11287
Redhat
No data.