CVE-2024-11202

Name of the Vulnerable Software and Affected Versions WordPress plugins (affected versions not specified)

Description The issue is related to Reflected Cross-Site Scripting in multiple WordPress plugins due to insufficient input sanitization and output escaping in the cminds free guide shortcode. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which can be executed if a user is tricked into performing a specific action, such as clicking on a link.

Recommendations For all affected versions, consider disabling the cminds free guide shortcode until a patch is available to prevent exploitation. Restrict access to pages that utilize the vulnerable shortcode to minimize the risk of arbitrary script injection. Avoid using the cminds free guide shortcode in API endpoints or other areas where user input is processed until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.