← Volver a CVEs
CVE-2024-10515
LOW3.5
Descripcion
In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor
Detalles CVE
Puntuacion CVSS v3.13.5
SeveridadLOW
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioREQUIRED
Publicado11/20/2024
Ultima modificacion3/31/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
squirrly:seo_plugin_by_squirrly_seo
Debilidades (CWE)
CWE-79
Referencias
https://wpscan.com/vulnerability/367aad17-fbb5-48eb-8829-5d3513098d02/(contact@wpscan.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.