PT-2024-39631 · WordPress · Publishpress Revisions
Dale Mavers
+1
·
Published
2024-10-11
·
Updated
2024-10-15
·
CVE-2024-9436
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
PublishPress Revisions plugin versions up to, and including, 3.5.14
Description
The issue is related to Reflected Cross-Site Scripting, which occurs due to the use of
add query arg without proper escaping on the URL. This allows unauthenticated attackers to inject arbitrary web scripts in pages, which execute when a user performs a specific action, such as clicking on a link.Recommendations
For versions up to, and including, 3.5.14, update to a version higher than 3.5.14 to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Publishpress Revisions