JVNVU#90748215
WordPress Plugin "My WP Customize Admin/Frontend" vulnerable to cross-site scripting
Overview
WordPress Plugin "My WP Customize Admin/Frontend" contains a cross-site scripting vulnerability.
Products Affected
- My WP Customize Admin/Frontend versions prior to ver 1.24.1
Description
WordPress Plugin "My WP Customize Admin/Frontend" provided by gqevu6bsiz contains a stored cross-site scripting vulnerability (CWE-79).
Impact
If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page.
Solution
Update the plugin
Update the plugin according to the information provided by the developer.
The developer has released the following version that addresses this vulnerability.
- My WP Customize Admin/Frontend ver 1.24.1
Vendor Status
| Vendor | Link |
| gqevu6bsiz | My WP Customize Admin/Frontend | Changelog |
| [update history] My WP Customize Admin/Frontend 1.24.1 |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
The developer reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and the developer coordinated to publish this advisory.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2024-55864 |
| JVN iPedia |
|