PT-2024-17991 · WordPress · Website Article Monetization By Magenet
Krzysztof Zając
·
Published
2024-03-20
·
Updated
2024-03-20
·
CVE-2024-1379
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Website Article Monetization By MageNet plugin for WordPress versions up to, and including, 1.0.11
Description
The issue arises from insufficient input sanitization and output escaping, along with a missing authorization check, allowing Stored Cross-Site Scripting. This enables unauthenticated attackers to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. The
abp auth key parameter is specifically vulnerable to this exploit.Recommendations
For versions up to, and including, 1.0.11, avoid using the
abp auth key parameter until a fix is available. As a temporary workaround, consider implementing additional input validation and output escaping for the abp auth key parameter to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Website Article Monetization By Magenet