← Zuruck zu CVEs
CVE-2024-10515
LOW3.5
Beschreibung
In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor
CVE Details
CVSS v3.1 Bewertung3.5
SchweregradLOW
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionREQUIRED
Veroffentlicht11/20/2024
Zuletzt geandert3/31/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
squirrly:seo_plugin_by_squirrly_seo
Schwachen (CWE)
CWE-79
Referenzen
https://wpscan.com/vulnerability/367aad17-fbb5-48eb-8829-5d3513098d02/(contact@wpscan.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.