PT-2024-27417 · WordPress · Wp Directory Kit

Sandeep Vishwakarma

Published

2024-07-09

Updated

2024-07-09

CVE-2024-37253

CVSS v3.1

2.7

Low

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions WP Directory Kit versions 1.3.6 and earlier

Description The issue is related to an Improper Neutralization of Special Elements in Output Used by a Downstream Component, also known as an 'Injection' vulnerability. This allows for Code Injection in WP Directory Kit.

Recommendations For WP Directory Kit versions 1.3.6 and earlier, update to a version later than 1.3.6 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

Fix

Special Elements Injection

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-79

Related Identifiers

CVE-2024-37253

Affected Products

Wp Directory Kit

PT-2024-27417 · WordPress · Wp Directory Kit

CVE-2024-37253

Weakness Enumeration

Related Identifiers

Affected Products

References · 6