The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Metrics
Affected Vendors & Products
References
History
Tue, 05 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:tezzeract:league_of_legends_shortcodes:*:*:*:*:*:wordpress:*:* |
Fri, 25 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Tezzeract
Tezzeract league Of Legends Shortcodes |
|
CPEs | cpe:2.3:a:tezzeract:league_of_legends_shortcodes:*:*:*:*:*:*:*:* | |
Vendors & Products |
Tezzeract
Tezzeract league Of Legends Shortcodes |
|
Metrics |
ssvc
|
Fri, 25 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
Title | League of Legends Shortcodes <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-10-25T07:37:58.443Z
Updated: 2024-10-25T20:25:51.703Z
Reserved: 2024-10-24T12:37:10.292Z
Link: CVE-2024-10342
Vulnrichment
Updated: 2024-10-25T20:25:44.427Z
NVD
Status : Analyzed
Published: 2024-10-25T08:15:02.670
Modified: 2024-11-05T17:52:00.610
Link: CVE-2024-10342
Redhat
No data.