CVE-2024-49695

NVD Published Date: October 24, 2024 at 01:15 PM

NVD Last Modified: November 08, 2024 at 03:20 PM

Download Patch

Vulnerability ID

CVE-2024-49695

Severity

MEDIUM

Severity Score

5.4

Summary

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.3.

References

https://patchstack.com/database/vulnerability/wp-imageflow2/wordpress-wp-flow-plus-plugin-5-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve

Mitigation and Patches

Exploits

Metasploit Payload

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE ID

CWE-79

Recent Publish

KB5044091

KB5044092

CVE-2024-10278

CVE-2024-10279

KB5044095

KB5044096

See SecOps Solution
in action

Schedule Demo

CVE-2024-49695

Recent Publish

See SecOps Solution
in action

Products

Compare

Company

Resources

Try It

CVE-2024-49695

Recent Publish

See SecOps Solutionin action

Products

Compare

Company

Resources

Try It

See SecOps Solution
in action