OpenCVE

The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Yadisk Files	Yadisk Files

No data.

No data.

References

Link	Providers
https://wpscan.com/vulnerability/114aeaf7-32a5-4510-a497-92cc0951b022/

History

Mon, 25 Nov 2024 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Yadisk Files Yadisk Files yadisk Files
CPEs		cpe:2.3:a:yadisk_files:yadisk_files::::::::
Vendors & Products		Yadisk Files Yadisk Files yadisk Files
Metrics		cvssV3_1 `{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 25 Nov 2024 06:15:00 +0000

Type	Values Removed	Values Added
Title		YaDisk Files <= 1.2.5 - Contributor+ Stored XSS via Shortcode

Mon, 25 Nov 2024 06:45:00 +0000

Type	Values Removed	Values Added
Description		The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
References		https://wpscan.com/vulnerability/114aeaf7-32a5-4510-a497-92cc0951b022/

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-11-25T06:00:01.883Z

Updated: 2024-11-25T20:41:38.302Z

Reserved: 2024-11-01T19:51:27.086Z

Link: CVE-2024-10709

Vulnrichment

Updated: 2024-11-25T20:35:23.881Z

NVD

Status : Received

Published: 2024-11-25T06:15:04.573

Modified: 2024-11-25T21:15:08.837

Link: CVE-2024-10709

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-10709", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2024-11-01T19:51:27.086Z", "datePublished": "2024-11-25T06:00:01.883Z", "dateUpdated": "2024-11-25T20:41:38.302Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-11-25T06:00:01.883Z"}, "title": "YaDisk Files <= 1.2.5 - Contributor+ Stored XSS via Shortcode", "problemTypes": [{"descriptions": [{"description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "YaDisk Files", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "1.2.5"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."}], "references": [{"url": "https://wpscan.com/vulnerability/114aeaf7-32a5-4510-a497-92cc0951b022/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Bob Matyas", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"affected": [{"vendor": "yadisk_files", "product": "yadisk_files", "cpes": ["cpe:2.3:a:yadisk_files:yadisk_files:*:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.5", "versionType": "semver"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-25T20:34:03.450419Z", "id": "CVE-2024-10709", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-25T20:41:38.302Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-10709", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-25T20:34:03.450419Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:yadisk_files:yadisk_files:*:*:*:*:*:*:*:*"], "vendor": "yadisk_files", "product": "yadisk_files", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.2.5"}], "defaultStatus": "affected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-25T20:35:23.881Z"}}], "cna": {"title": "YaDisk Files <= 1.2.5 - Contributor+ Stored XSS via Shortcode", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Bob Matyas"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "YaDisk Files", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.2.5"}], "defaultStatus": "affected"}], "references": [{"url": "https://wpscan.com/vulnerability/114aeaf7-32a5-4510-a497-92cc0951b022/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-79 Cross-Site Scripting (XSS)"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-11-25T06:00:01.883Z"}}}, "cveMetadata": {"cveId": "CVE-2024-10709", "state": "PUBLISHED", "dateUpdated": "2024-11-25T20:41:38.302Z", "dateReserved": "2024-11-01T19:51:27.086Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2024-11-25T06:00:01.883Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}