CVE-2024-6223

The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVSS

No CVSS.

References

Link	Resource
https://wpscan.com/vulnerability/cf7d1cea-0bf4-4b9e-bab4-71d5719a7c30/

Configurations

No configuration.

History

30 Jul 2024, 13:32

Type	Values Removed	Values Added
Summary		(es) El complemento de WordPress Send email only on Reply to My Comment hasta la versión 1.0.6 no sanitiza ni escapa un parámetro antes de devolverlo a la página, lo que genera Cross Site Scripting reflejado que podría usarse contra usuarios con privilegios elevados, como el administrador.

30 Jul 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-30 06:15

Updated : 2024-07-30 13:32

NVD link : CVE-2024-6223

Mitre link : CVE-2024-6223

CVE.ORG link : CVE-2024-6223

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-6223

Attach tags to `CVE-2024-6223`