Search criteria
3 vulnerabilities found for WP Admin UI Customize by gqevu6bsiz
JVNDB-2024-000121
Vulnerability from jvndb - Published: 2024-11-26 13:57 - Updated:2024-11-26 13:57
Severity ?
Summary
WordPress Plugin "WP Admin UI Customize" vulnerable to cross-site scripting
Details
WordPress Plugin "WP Admin UI Customize" provided by gqevu6bsiz contains a stored cross-site scripting vulnerability (CWE-79).
Ibuki Sato reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000121.html",
"dc:date": "2024-11-26T13:57+09:00",
"dcterms:issued": "2024-11-26T13:57+09:00",
"dcterms:modified": "2024-11-26T13:57+09:00",
"description": "WordPress Plugin \"WP Admin UI Customize\" provided by gqevu6bsiz contains a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nIbuki Sato reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000121.html",
"sec:cpe": {
"#text": "cpe:/a:misc_gqevu6bsiz:wp_admin_ui_customize",
"@product": "WP Admin UI Customize",
"@vendor": "gqevu6bsiz",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000121",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN87182660/index.html",
"@id": "JVN#87182660",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-53278",
"@id": "CVE-2024-53278",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "WordPress Plugin \"WP Admin UI Customize\" vulnerable to cross-site scripting"
}
CVE-2024-53278 (GCVE-0-2024-53278)
Vulnerability from cvelistv5 – Published: 2024-11-26 04:33 – Updated: 2024-11-26 14:09
VLAI?
Summary
Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gqevu6bsiz | WP Admin UI Customize |
Affected:
prior to ver 1.5.14
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:04:17.341392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:09:26.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WP Admin UI Customize",
"vendor": "gqevu6bsiz",
"versions": [
{
"status": "affected",
"version": "prior to ver 1.5.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T04:33:51.381Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://wordpress.org/plugins/wp-admin-ui-customize/#developers"
},
{
"url": "https://gqevu6bsiz.chicappa.jp/wp-admin-ui-customize-%E3%82%A2%E3%83%83%E3%83%97%E3%83%87%E3%83%BC%E3%83%881-5-14%E3%82%92%E3%81%97%E3%81%BE%E3%81%97%E3%81%9F/"
},
{
"url": "https://jvn.jp/en/jp/JVN87182660/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-53278",
"datePublished": "2024-11-26T04:33:51.381Z",
"dateReserved": "2024-11-20T00:41:03.536Z",
"dateUpdated": "2024-11-26T14:09:26.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53278 (GCVE-0-2024-53278)
Vulnerability from nvd – Published: 2024-11-26 04:33 – Updated: 2024-11-26 14:09
VLAI?
Summary
Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| gqevu6bsiz | WP Admin UI Customize |
Affected:
prior to ver 1.5.14
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:04:17.341392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:09:26.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WP Admin UI Customize",
"vendor": "gqevu6bsiz",
"versions": [
{
"status": "affected",
"version": "prior to ver 1.5.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T04:33:51.381Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://wordpress.org/plugins/wp-admin-ui-customize/#developers"
},
{
"url": "https://gqevu6bsiz.chicappa.jp/wp-admin-ui-customize-%E3%82%A2%E3%83%83%E3%83%97%E3%83%87%E3%83%BC%E3%83%881-5-14%E3%82%92%E3%81%97%E3%81%BE%E3%81%97%E3%81%9F/"
},
{
"url": "https://jvn.jp/en/jp/JVN87182660/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-53278",
"datePublished": "2024-11-26T04:33:51.381Z",
"dateReserved": "2024-11-20T00:41:03.536Z",
"dateUpdated": "2024-11-26T14:09:26.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}