PT-2024-35710 · WordPress · Wp Admin Ui Customize
Ibuki Sato · Published 2024-11-26 · Updated 2024-11-26 · CVE-2024-53278
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
WP Admin UI Customize versions prior to 1.5.14
Description
A cross-site scripting issue exists: if a malicious admin user customizes the admin screen with malicious content, an arbitrary script can be executed in the web browser of other users who access the admin screen.
Recommendations
For WP Admin UI Customize versions prior to 1.5.14, update to version 1.5.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin screen customization feature to trusted users only, until the update can be applied.
Fix
XSS
Affected Products
Wp Admin Ui Customize