PT-2025-2076 · WordPress · User Messages Wordpress Plugin

Hassan Khan Yusufzai +1 · Published 2025-01-31 · Updated 2026-02-06 · CVE-2024-13222

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: WordPress User Messages plugin versions through 1.2.4

Description: The User Messages WordPress plugin through version 1.2.4 does not properly sanitize and escape a parameter before displaying it on a page. This can lead to a Reflected Cross-Site Scripting issue. This issue could potentially be used to target users with high privileges, such as administrators. The vulnerability involves improper handling of user-supplied input, allowing malicious scripts to be injected into the web page. The vulnerable parameter is not explicitly identified.

Recommendations: WordPress User Messages plugin versions prior to 1.2.4 should be updated.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-13222

Affected Products: User Messages Wordpress Plugin