CVE-2024-8189

NVD Published Date: September 28, 2024 at 01:15 PM
NVD Last Modified: October 07, 2024 at 03:44 PM
Download Patch
Vulnerability ID
CVE-2024-8189
Severity
MEDIUM
Severity Score
4.8
Summary
The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmt_menu_name’ parameter in all versions up to, and including, 0.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
References
Mitigation and Patches
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CWE ID
CWE-79

Recent Publish

CVE-2024-46831

CVE-2024-46808

CVE-2023-20198

CVE-2024-1709

CVE-2024-8546

CVE-2024-4657

See More ...

See SecOps Solution
in action

Schedule Demo
Agentless security for your infrastructure and applications - to build faster, more securely and in a fraction of the operational cost of other solutions
hello@secopsolution.com
+569-231-213
Compare
Qualys Cloud Agent Tenable Nessus Rapid7 InsightVM
Company
About Us Contact Career
Resources
Blog Sample Reports CVE Windows KB Case Studies eBooks Policy Templates Webinar
Try It
Patch Astra EPSS Calculator Contact Free Scan Schedule Demo Log In
© 2024  SecOps Solution, Inc.| Privacy Policy | Terms and Conditions .
Social Media :