PT-2024-24628 · WordPress · Loopus Wp Cost Estimation & Payment Forms Builder

Rafie Muhammad

Published

2024-04-17

Updated

2024-04-17

CVE-2024-32510

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Loopus WP Cost Estimation & Payment Forms Builder versions through 10.1.75

Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS.

Recommendations For versions through 10.1.75, update to a version later than 10.1.75 to resolve the issue. As a temporary workaround, consider restricting user input in web page generation to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-32510

Affected Products

Loopus Wp Cost Estimation & Payment Forms Builder

PT-2024-24628 · WordPress · Loopus Wp Cost Estimation & Payment Forms Builder

CVE-2024-32510

Weakness Enumeration

Related Identifiers

Affected Products

References · 3