CVE-2024-11195

NVD Published Date: November 19, 2024 at 11:15 AM
NVD Last Modified: November 19, 2024 at 09:57 PM
Download Patch
Vulnerability ID
CVE-2024-11195
Severity
None
Severity Score
None
Summary
The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
None
CWE ID
CWE-79

Recent Publish

CVE-2024-11194

KB5046661

KB5046665

CVE-2024-48897

CVE-2024-48896

KB5046682

See More ...

See SecOps Solution
in action

Schedule Demo
Agentless security for your infrastructure and applications - to build faster, more securely and in a fraction of the operational cost of other solutions
hello@secopsolution.com
+569-231-213
Compare
Qualys Cloud Agent Tenable Nessus Rapid7 InsightVM
Company
About Us Contact Career
Resources
Blog Sample Reports CVE Windows KB Case Studies eBooks Policy Templates Webinar
Try It
Patch Astra EPSS Calculator Contact Free Scan Schedule Demo Log In
© 2024  SecOps Solution, Inc.| Privacy Policy | Terms and Conditions .
Social Media :