All the vulnerabilites related to gqevu6bsiz - My WP Customize Admin/Frontend
cve-2024-55864
Vulnerability from cvelistv5
Published
2024-12-17 04:43
Modified
2024-12-17 14:43
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | gqevu6bsiz | My WP Customize Admin/Frontend |
Version: prior to ver 1.24.1 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T14:43:47.259861Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T14:43:59.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "My WP Customize Admin/Frontend",
"vendor": "gqevu6bsiz",
"versions": [
{
"status": "affected",
"version": "prior to ver 1.24.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T04:43:53.952Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://wordpress.org/plugins/my-wp/#developers"
},
{
"url": "https://mywpcustomize.com/update-history-my-wp-customize-admin-frontend-1-24-1/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90748215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-55864",
"datePublished": "2024-12-17T04:43:53.952Z",
"dateReserved": "2024-12-11T00:29:42.949Z",
"dateUpdated": "2024-12-17T14:43:59.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2024-014825
Vulnerability from jvndb
Published
2024-12-16 13:57
Modified
2024-12-16 13:57
Severity ?
Summary
WordPress Plugin "My WP Customize Admin/Frontend" vulnerable to cross-site scripting
Details
WordPress Plugin "My WP Customize Admin/Frontend" provided by gqevu6bsiz contains a stored cross-site scripting vulnerability (CWE-79).
The developer reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and the developer coordinated to publish this advisory.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU90748215/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-55864 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| gqevu6bsiz | My WP Customize Admin/Frontend |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-014825.html",
"dc:date": "2024-12-16T13:57+09:00",
"dcterms:issued": "2024-12-16T13:57+09:00",
"dcterms:modified": "2024-12-16T13:57+09:00",
"description": "WordPress Plugin \"My WP Customize Admin/Frontend\" provided by gqevu6bsiz contains a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nThe developer reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and the developer coordinated to publish this advisory.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-014825.html",
"sec:cpe": {
"#text": "cpe:/a:misc_gqevu6bsiz:my_wp_customize_admin_frontend",
"@product": "My WP Customize Admin/Frontend",
"@vendor": "gqevu6bsiz",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-014825",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU90748215/index.html",
"@id": "JVNVU#90748215",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-55864",
"@id": "CVE-2024-55864",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "WordPress Plugin \"My WP Customize Admin/Frontend\" vulnerable to cross-site scripting"
}