The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
Metrics
Affected Vendors & Products
References
History
Tue, 20 May 2025 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
If-so
If-so if-so |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:if-so:if-so:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
If-so
If-so if-so |

Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2024-08-01T21:18:07.087Z
Reserved: 2024-06-06T19:18:06.589Z
Link: CVE-2024-5713

Updated: 2024-08-01T21:18:07.087Z

Status : Analyzed
Published: 2024-07-13T06:15:05.313
Modified: 2025-05-20T18:19:40.873
Link: CVE-2024-5713

No data.

No data.