PT-2024-39199 · WordPress · Flexmls Idx Plugin

Kayge

Published

2024-10-16

Updated

2024-10-18

CVE-2024-8719

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Flexmls® IDX Plugin plugin for WordPress versions up to, and including, 3.14.22

Description: The issue is related to Reflected Cross-Site Scripting via several parameters like MaxBeds and MinBeds due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Recommendations: For versions up to, and including, 3.14.22, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Reflected Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the parameters MaxBeds and MinBeds to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-8719

Affected Products

Flexmls Idx Plugin

PT-2024-39199 · WordPress · Flexmls Idx Plugin

CVE-2024-8719

Weakness Enumeration

Related Identifiers

Affected Products

References · 7