The RD Station plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping of post metaboxes added by the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Metrics
Affected Vendors & Products
References
History
Thu, 05 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Rdstation
Rdstation rd Station |
|
CPEs | cpe:2.3:a:rdstation:rd_station:-:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Rdstation
Rdstation rd Station |
|
Metrics |
ssvc
|
Thu, 05 Sep 2024 09:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The RD Station plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping of post metaboxes added by the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
Title | RD Station <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-09-05T09:29:49.865Z
Updated: 2024-09-05T18:39:53.379Z
Reserved: 2024-07-18T19:45:16.126Z
Link: CVE-2024-6894
Vulnrichment
Updated: 2024-09-05T18:39:47.615Z
NVD
Status : Awaiting Analysis
Published: 2024-09-05T10:15:03.737
Modified: 2024-09-05T12:53:21.110
Link: CVE-2024-6894
Redhat
No data.