PT-2020-15681 · Rednumber · Wp Plugin Rednumber Admin Menu
Published: 2020-08-26 · Updated: 2024-02-14 · CVE-2020-24316
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
WP Plugin Rednumber Admin Menu versions 1.1 and lower
Description
The issue is related to a reflected XSS vulnerability. It occurs because the role GET parameter value is not sanitized before being echoed back to the user. This allows attackers to exploit the issue using a specially crafted URL.
Recommendations
For WP Plugin Rednumber Admin Menu versions 1.1 and lower, consider updating to a version that addresses this issue, as the current version does not properly sanitize the role parameter. As a temporary workaround, avoid using the role parameter in URLs to minimize the risk of exploitation.
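The unsanitized echo described above, next to one way to close it. This is an added example, not the plugin's code: the handler names, the hidden-field markup, the role allow-list and the fallback role are assumptions, and plain PHP stands in for the WordPress helpers so it runs from the CLI.

```php
<?php
// Added example: hypothetical handlers, not taken from the plugin.

// Assumed allow-list. Inside WordPress, build it from array_keys( wp_roles()->roles ).
const KNOWN_ROLES = ['administrator', 'editor', 'author', 'contributor', 'subscriber'];

/** Pattern from the description: the raw query value lands in the markup. */
function render_role_field_unsafe(array $query): string
{
    $role = $query['role'] ?? '';
    return '<input type="hidden" name="role" value="' . $role . '">';
}

/** Hardened: validate against the allow-list, then encode for the attribute context. */
function render_role_field_safe(array $query): string
{
    $role = $query['role'] ?? '';
    // Reject array input (?role[]=x) and anything that is not a known role slug.
    if (!is_string($role) || !in_array($role, KNOWN_ROLES, true)) {
        $role = 'subscriber'; // assumed fallback
    }
    // Encode even after validation, so a later change to the allow-list
    // cannot reintroduce the bug. In WordPress this call would be esc_attr().
    $safe = htmlspecialchars($role, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="role" value="' . $safe . '">';
}

// Constructed inputs standing in for $_GET.
$samples = [
    ['role' => 'editor'],                   // expected value
    ['role' => 'editor"><b>injected</b>'],  // markup breaking out of the attribute
    ['role' => ['editor']],                 // array instead of string
    [],                                     // parameter absent
];

// The unsafe handler passes the second sample's markup through unchanged.
echo 'unsafe: ', render_role_field_unsafe($samples[1]), PHP_EOL;

// The safe handler emits a known role slug for every sample.
foreach ($samples as $query) {
    echo 'safe:   ', render_role_field_safe($query), PHP_EOL;
}
```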
Affected Products
Wp Plugin Rednumber Admin Menu