The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.21.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Metrics
Affected Vendors & Products
References
History
Tue, 08 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Yoginetwork
Yoginetwork rabbitloader |
|
CPEs | cpe:2.3:a:yoginetwork:rabbitloader:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Yoginetwork
Yoginetwork rabbitloader |
Wed, 02 Oct 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Rabbitloader
Rabbitloader rabbitloader |
|
CPEs | cpe:2.3:a:rabbitloader:rabbitloader:*:*:*:*:*:*:*:* | |
Vendors & Products |
Rabbitloader
Rabbitloader rabbitloader |
|
Metrics |
ssvc
|
Wed, 02 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.21.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |
Title | RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more <= 2.21.0 - Reflected Cross-Site Scripting | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-10-02T07:35:29.525Z
Updated: 2024-10-02T18:17:25.210Z
Reserved: 2024-09-13T17:24:56.754Z
Link: CVE-2024-8800
Vulnrichment
Updated: 2024-10-02T18:17:18.828Z
NVD
Status : Analyzed
Published: 2024-10-02T08:15:02.510
Modified: 2024-10-08T18:59:42.310
Link: CVE-2024-8800
Redhat
No data.