The adBuddy+ (AdBlocker Detection) by NetfunkDesign WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Adbuddy Plus Wordpress |
|
No data.
No data.
References
History
Fri, 29 Nov 2024 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Adbuddy Plus Wordpress
Adbuddy Plus Wordpress adbuddy Plus Wordpress |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:adbuddy_plus_wordpress:adbuddy_plus_wordpress:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Adbuddy Plus Wordpress
Adbuddy Plus Wordpress adbuddy Plus Wordpress |
|
| Metrics |
cvssV3_1
|
Thu, 28 Nov 2024 06:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The adBuddy+ (AdBlocker Detection) by NetfunkDesign WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |
| Title | adBuddy+ (AdBlocker Detection) by NetfunkDesign <= 1.1.3 - Admin+ Stored XSS | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-11-28T06:00:10.944Z
Updated: 2024-11-29T15:43:46.794Z
Reserved: 2024-10-29T18:00:12.790Z
Link: CVE-2024-10510
Vulnrichment
Updated: 2024-11-29T15:43:39.413Z
NVD
Status : Awaiting Analysis
Published: 2024-11-28T06:15:08.120
Modified: 2024-11-29T16:15:08.733
Link: CVE-2024-10510
Redhat
No data.