CVE-2024-13515

Name of the Vulnerable Software and Affected Versions The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress versions up to, and including, 2.28.0

Description The plugin is vulnerable to Reflected Cross-Site Scripting via the path parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Recommendations For versions up to, and including, 2.28.0, consider updating to a newer version that addresses the issue, as no specific workaround is provided for these versions. As a temporary workaround, consider restricting access to the path parameter to minimize the risk of exploitation.