CVE-2024-32746

Name of the Vulnerable Software and Affected Versions WonderCMS version 3.4.3

Description A cross-site scripting (XSS) vulnerability in the Settings section allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module.

Recommendations For WonderCMS version 3.4.3, consider disabling access to the Menu module or restricting the use of the MENU parameter until a patch is available. As a temporary workaround, avoid using the MENU parameter in the Settings section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.