PT-2024-28654 · WordPress · The House Manager

Bob Matyas

Published

2024-08-07

Updated

2024-08-15

CVE-2024-3973

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions The House Manager WordPress plugin versions 1.0.8.4 and earlier

Description The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitized and escaped before being outputted back in the page. This could be exploited against high-privilege users, such as administrators. Attackers may inject malicious scripts.

Recommendations For The House Manager WordPress plugin versions 1.0.8.4 and earlier, update the plugin immediately to a version that contains the fix for this issue. If the plugin is unused, consider disabling it to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-3973

Affected Products

The House Manager

PT-2024-28654 · WordPress · The House Manager

CVE-2024-3973

Weakness Enumeration

Related Identifiers

Affected Products

References · 6