The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
History

Mon, 09 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Simple Side Tab
Simple Side Tab simple Side Tab
Weaknesses CWE-79
CPEs cpe:2.3:a:simple_side_tab:simple_side_tab:*:*:*:*:*:*:*:*
Vendors & Products Simple Side Tab
Simple Side Tab simple Side Tab
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 07 Dec 2024 06:15:00 +0000

Type Values Removed Values Added
Description The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Title Simple Side Tab < 2.2.0 - Admin+ Stored XSS
References

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-12-07T06:00:04.979Z

Updated: 2024-12-09T16:20:38.394Z

Reserved: 2024-11-13T15:40:41.875Z

Link: CVE-2024-11183

cve-icon Vulnrichment

Updated: 2024-12-09T16:20:31.123Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-12-07T06:15:17.760

Modified: 2024-12-09T17:15:08.327

Link: CVE-2024-11183

cve-icon Redhat

No data.