The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Metrics
Affected Vendors & Products
References
History
Tue, 19 Nov 2024 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wpeka
Wpeka wp Adcenter |
|
CPEs | cpe:2.3:a:wpeka:wp_adcenter:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Wpeka
Wpeka wp Adcenter |
Fri, 15 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 15 Nov 2024 05:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
Title | WP AdCenter – Ad Manager & Adsense Ads <= 2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpadcenter_ad Shortcode | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-11-15T05:30:54.671Z
Updated: 2024-11-15T17:54:59.295Z
Reserved: 2024-10-17T23:28:12.665Z
Link: CVE-2024-10113
Vulnrichment
Updated: 2024-11-15T17:54:44.559Z
NVD
Status : Analyzed
Published: 2024-11-15T06:15:03.340
Modified: 2024-11-19T21:26:25.497
Link: CVE-2024-10113
Redhat
No data.