The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Metrics
Affected Vendors & Products
References
History
Fri, 25 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Tezzeract
Tezzeract league Of Legends Shortcodes |
|
CPEs | cpe:2.3:a:tezzeract:league_of_legends_shortcodes:*:*:*:*:*:*:*:* | |
Vendors & Products |
Tezzeract
Tezzeract league Of Legends Shortcodes |
|
Metrics |
ssvc
|
Fri, 25 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
Title | League of Legends Shortcodes <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-10-25T07:37:58.443Z
Updated: 2024-10-25T20:25:51.703Z
Reserved: 2024-10-24T12:37:10.292Z
Link: CVE-2024-10342
Vulnrichment
Updated: 2024-10-25T20:25:44.427Z
NVD
Status : Awaiting Analysis
Published: 2024-10-25T08:15:02.670
Modified: 2024-10-25T12:56:07.750
Link: CVE-2024-10342
Redhat
No data.