CVE-2024-29808

Name of the Vulnerable Software and Affected Versions admin-ajax.php (affected versions not specified)

Description The issue concerns a reflected Cross Site Scripting vulnerability in the image id parameter of the AJAX call to the editimage bwg action of admin-ajax.php. This allows an attacker to insert and execute arbitrary JavaScript, but the attacker must target an authenticated user with permissions to access this component to exploit the issue.

Recommendations As a temporary workaround, consider restricting access to the editimage bwg action of admin-ajax.php to minimize the risk of exploitation. Avoid using the image id parameter in the affected AJAX endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.