PT-2025-7704 · WordPress · The Photo Contest | Competition | Video Contest
Hassan Khan Yusufzai
+1
·
Published
2025-02-24
·
Updated
2025-02-24
·
CVE-2024-13822
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
The Photo Contest | Competition | Video Contest WordPress plugin versions 2.8.1 and earlier
Description
The issue is related to a Reflected Cross-Site Scripting that could be used against high privilege users such as admin. This occurs because the plugin does not sanitise and escape a
parameter before outputting it back in the page.Recommendations
For versions 2.8.1 and earlier, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of Reflected Cross-Site Scripting attacks against high privilege users. Avoid using the vulnerable
parameter in the affected plugin until the issue is resolved.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
The Photo Contest | Competition | Video Contest