PT-2024-22444 · WordPress · Visual Footer Credit Remover

1337_Wannabe

Published: 2024-05-09 · Updated: 2024-05-14

CVE-2024-2846

CVSS v3.1: 4.4 (Medium)
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Visual Footer Credit Remover plugin for WordPress, versions up to and including 2.

Description: The issue allows authenticated attackers with administrator-level access to inject arbitrary web scripts into pages via the selector parameter, due to insufficient input sanitization and output escaping. The injected scripts then execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where the unfiltered_html capability has been disabled.

Recommendations: For Visual Footer Credit Remover plugin for WordPress versions up to and including 2, consider disabling the plugin until a patch is available. Restrict access to the selector parameter to minimize the risk of arbitrary web script injection, and avoid using it in affected pages until the issue is resolved. At the moment there is no information about a newer version containing a fix for this vulnerability.
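The defect class described above, a stored option echoed without sanitization or escaping, shown as a vulnerable pattern beside its hardened form. This is an added illustration, not the plugin's own code: the option name, the function names (vfcr_demo_*) and the footer script are hypothetical; only the selector parameter and the unfiltered_html condition come from the advisory.

```php
<?php
// Added illustration, not the plugin's own code. Option name, function names
// (vfcr_demo_*) and the footer script are hypothetical; only the "selector"
// parameter and the unfiltered_html condition come from the advisory.

// Vulnerable pattern: the stored selector is echoed straight into inline JS.
// Any quote or "</script>" in the value runs in every visitor's browser.
function vfcr_demo_footer_unsafe() {
    $selector = get_option( 'vfcr_demo_selector', '' );
    echo "<script>document.querySelector('" . $selector . "').style.display='none';</script>";
}

// Hardened pattern, step 1: sanitize on save. A CSS selector never needs
// markup, so the allowlist below rejects it for every user. WordPress relies
// on the unfiltered_html capability (absent on multisite and when
// DISALLOW_UNFILTERED_HTML is set) to decide who may publish raw markup; a
// plugin that stores its own option unsanitized bypasses that decision, which
// is why the advisory scopes the issue to exactly those environments.
function vfcr_demo_sanitize_selector( $value ) {
    $value = sanitize_text_field( (string) $value ); // strips tags, NUL bytes, newlines
    // Only characters that occur in ordinary selectors: ids, classes,
    // combinators, attribute tests and pseudo-classes.
    if ( ! preg_match( '/^[A-Za-z0-9 _\-#.>:,\[\]="\'*+~()]*$/', $value ) ) {
        return get_option( 'vfcr_demo_selector', '' ); // keep the previous valid value
    }
    return $value;
}
add_action( 'admin_init', function () {
    register_setting( 'vfcr_demo', 'vfcr_demo_selector', array(
        'type'              => 'string',
        'sanitize_callback' => 'vfcr_demo_sanitize_selector',
        'default'           => '',
    ) );
} );

// Hardened pattern, step 2: escape at the output boundary regardless of what
// was stored. wp_json_encode() yields a quoted JS string literal with quotes,
// backslashes and "/" escaped, so "</script>" cannot terminate the block.
function vfcr_demo_footer_safe() {
    $selector = get_option( 'vfcr_demo_selector', '' );
    if ( '' === $selector ) {
        return;
    }
    echo '<script>document.querySelector(' . wp_json_encode( $selector ) . ').style.display="none";</script>';
}
add_action( 'wp_footer', 'vfcr_demo_footer_safe' );
```

Both layers matter: the sanitize callback protects the stored value, and the output escaping protects against values that reached the database by another route (imports, direct SQL, an older plugin version).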

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-2846

Affected Products: Visual Footer Credit Remover