PT-2024-36585 · WordPress · Table Of Contents Plus
Dmitry Ignatyev · Published 2024-11-04 · Updated 2024-11-06
CVE-2024-5578 · CVSS v3.1 4.8 (Medium) · Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Table of Contents Plus WordPress plugin versions through 2408
Description
The Table of Contents Plus WordPress plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as editors to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Because the settings are stored, a script injected this way would be served to every visitor of a page on which the affected setting is rendered.
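An added illustration of the bug class described above, not the plugin's own code: a hypothetical WordPress settings field that is saved and rendered verbatim, beside the hardened version that sanitises on save, verifies the request, and escapes on output. The function, option, nonce and settings-group names are assumptions.

```php
<?php
// Added example, not code from the Table of Contents Plus plugin.
// Option, field, nonce and group names are hypothetical.

// Vulnerable pattern: a settings value saved verbatim and echoed verbatim.
function toc_example_save_unsafe() {
    if ( isset( $_POST['toc_example_title'] ) ) {
        update_option( 'toc_example_title', $_POST['toc_example_title'] );
    }
}
function toc_example_render_unsafe() {
    // Whatever markup was stored lands in every page that renders the TOC,
    // regardless of whether the saving user held unfiltered_html.
    echo '<p class="toc-title">' . get_option( 'toc_example_title' ) . '</p>';
}

// Hardened pattern: sanitise on save, verify the request, escape on output.
function toc_example_sanitize_title( $value ) {
    // Plain-text setting: strip all tags for every user, so an editor
    // without unfiltered_html cannot smuggle markup into the option.
    return sanitize_text_field( wp_unslash( $value ) );
}
function toc_example_register_settings() {
    register_setting( 'toc_example_group', 'toc_example_title', array(
        'type'              => 'string',
        'sanitize_callback' => 'toc_example_sanitize_title',
        'default'           => '',
    ) );
}
add_action( 'admin_init', 'toc_example_register_settings' );

function toc_example_save_safe() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    // Reject requests that did not originate from the plugin's settings form.
    check_admin_referer( 'toc_example_save', 'toc_example_nonce' );
    if ( isset( $_POST['toc_example_title'] ) ) {
        // update_option() runs the registered sanitize_callback before storing.
        update_option( 'toc_example_title', $_POST['toc_example_title'] );
    }
}
function toc_example_render_safe() {
    // Escape at the point of output as well; input sanitisation alone is
    // not a substitute, since the option may have been written another way.
    echo '<p class="toc-title">' . esc_html( get_option( 'toc_example_title', '' ) ) . '</p>';
}
```

For settings that legitimately need limited markup, swap sanitize_text_field for wp_kses_post and escape with wp_kses_post on output rather than esc_html.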
Recommendations
For Table of Contents Plus WordPress plugin versions through 2408, update the plugin to a patched version as soon as possible to mitigate the risk of Cross-Site Scripting attacks.
Affected Products: Table Of Contents Plus