PT-2024-28673 · WordPress · Wordpress Jitsi Shortcode

Bob Matyas

Published

2024-06-14

Updated

2024-08-01

CVE-2024-3978

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions WordPress Jitsi Shortcode WordPress plugin version 0.1

Description The WordPress Jitsi Shortcode WordPress plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Recommendations For WordPress Jitsi Shortcode WordPress plugin version 0.1, update to a version that includes input validation and escaping for shortcode attributes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting the use of the vulnerable shortcode attributes to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-3978

Affected Products

Wordpress Jitsi Shortcode

PT-2024-28673 · WordPress · Wordpress Jitsi Shortcode

CVE-2024-3978

Weakness Enumeration

Related Identifiers

Affected Products

References · 5