Vulnerabilites related to gqevu6bsiz - My WP Customize Admin/Frontend
jvndb-2024-014825
Vulnerability from jvndb
Published
2024-12-16 13:57
Modified
2024-12-16 13:57
Severity ?
Summary
WordPress Plugin "My WP Customize Admin/Frontend" vulnerable to cross-site scripting
Details
WordPress Plugin "My WP Customize Admin/Frontend" provided by gqevu6bsiz contains a stored cross-site scripting vulnerability (CWE-79).
The developer reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and the developer coordinated to publish this advisory.
References
| ► | Type | URL | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| ► | Vendor | Product |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-014825.html",
"dc:date": "2024-12-16T13:57+09:00",
"dcterms:issued": "2024-12-16T13:57+09:00",
"dcterms:modified": "2024-12-16T13:57+09:00",
"description": "WordPress Plugin \"My WP Customize Admin/Frontend\" provided by gqevu6bsiz contains a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nThe developer reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and the developer coordinated to publish this advisory.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-014825.html",
"sec:cpe": {
"#text": "cpe:/a:misc_gqevu6bsiz:my_wp_customize_admin_frontend",
"@product": "My WP Customize Admin/Frontend",
"@vendor": "gqevu6bsiz",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-014825",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU90748215/index.html",
"@id": "JVNVU#90748215",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-55864",
"@id": "CVE-2024-55864",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "WordPress Plugin \"My WP Customize Admin/Frontend\" vulnerable to cross-site scripting"
}
CVE-2024-55864 (GCVE-0-2024-55864)
Vulnerability from cvelistv5
Published
2024-12-17 04:43
Modified
2024-12-17 14:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site scripting (XSS)
Summary
Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gqevu6bsiz | My WP Customize Admin/Frontend |
Version: prior to ver 1.24.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T14:43:47.259861Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T14:43:59.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "My WP Customize Admin/Frontend",
"vendor": "gqevu6bsiz",
"versions": [
{
"status": "affected",
"version": "prior to ver 1.24.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T04:43:53.952Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://wordpress.org/plugins/my-wp/#developers"
},
{
"url": "https://mywpcustomize.com/update-history-my-wp-customize-admin-frontend-1-24-1/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90748215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-55864",
"datePublished": "2024-12-17T04:43:53.952Z",
"dateReserved": "2024-12-11T00:29:42.949Z",
"dateUpdated": "2024-12-17T14:43:59.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}