The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/post where the Widget is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
History

Tue, 13 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Tiptoppress
Tiptoppress category Posts
Tiptoppress term-and-category-based-posts
CPEs cpe:2.3:a:tiptoppress:category_posts:*:*:*:*:*:*:*:*
cpe:2.3:a:tiptoppress:term-and-category-based-posts:*:*:*:*:*:*:*:*
Vendors & Products Tiptoppress
Tiptoppress category Posts
Tiptoppress term-and-category-based-posts
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 09 Aug 2024 06:15:00 +0000

Type Values Removed Values Added
Description The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/post where the Widget is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Title Category Posts Widget (Free < 4.9.17, Pro < 4.9.13) - Admin+ Stored XSS
References

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-08-09T06:00:04.497Z

Updated: 2024-08-13T14:25:37.044Z

Reserved: 2024-06-19T09:51:31.613Z

Link: CVE-2024-6158

cve-icon Vulnrichment

Updated: 2024-08-13T14:25:30.738Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-12T13:38:38.913

Modified: 2024-08-13T15:35:29.740

Link: CVE-2024-6158

cve-icon Redhat

No data.