The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Metrics
Affected Vendors & Products
References
History
Wed, 06 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Silkypress
Silkypress wp Image Zoom |
|
CPEs | cpe:2.3:a:silkypress:wp_image_zoom:*:*:*:*:*:*:*:* | |
Vendors & Products |
Silkypress
Silkypress wp Image Zoom |
|
Metrics |
cvssV3_1
|
Wed, 06 Nov 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |
Title | Wp-ImageZoom <= 1.1.0 - Reflected XSS | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-11-06T06:00:07.117Z
Updated: 2024-11-06T15:50:06.837Z
Reserved: 2024-10-14T13:08:44.788Z
Link: CVE-2024-9934
Vulnrichment
Updated: 2024-11-06T15:46:19.983Z
NVD
Status : Awaiting Analysis
Published: 2024-11-06T06:15:03.973
Modified: 2024-11-06T18:17:17.287
Link: CVE-2024-9934
Redhat
No data.