CVE-2024-0903

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 22, 2024

Summary

CVE-2024-0903 is a Stored Cross-Site Scripting vulnerability affecting the User Feedback plugin for WordPress, versions up to and including 1.0.13. The issue arises due to insufficient input sanitization and output escaping in the 'page_submitted' 'link' value. This flaw enables unauthenticated attackers to inject arbitrary web scripts into the feedback submission page. Upon a user clicking the malicious link, along with the command key, the injected scripts will execute, potentially resulting in data theft, unauthorized access, or site defacement.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uSECld
https://www.cve.org/CVERecord?id=CVE-2024-0903
https://nvd.nist.gov/vuln/detail/CVE-2024-0903

Back to Vulnerability Database

CVE-2024-0903

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations