CVE-2024-11410

Name of the Vulnerable Software and Affected Versions YooBar plugin for WordPress versions up to, and including, 2.0.6

Description The YooBar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Yoo Bar settings due to insufficient input sanitization and output escaping. This allows authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Recommendations For YooBar plugin for WordPress versions up to, and including, 2.0.6, update to a version higher than 2.0.6 to resolve the issue. As a temporary workaround, consider restricting access to the Yoo Bar settings to minimize the risk of exploitation. Restrict Contributor-level access and above to prevent authenticated attackers from injecting arbitrary web scripts.