CVE-2024-6661 – The ParityPress – Parity Pricing with Discount Rules plugin for WordPress is vulnerable …

27 July 2024

Vuln ID: CVE-2024-6661

Published: 2024-07-27 02:15:12.780

Description: The ParityPress – Parity Pricing with Discount Rules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘Discount Text’ in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Base Score: 5.5 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Source: NVD.NIST.GOV

Date:

27 July 2024

Categorie(s):

NVD

Tag(s):

NVD

Sinister SpyAgent Android Malware Uses Optics To Crack Your Crypto Wallet7 September 2024
Despite cyberattacks, water security standards remain a pipe dream7 September 2024
Hackers Threaten to Leak Planned Parenthood Data7 September 2024
Protect AI Democratizes AI Security Training with Free MLSecOps Foundations Online Learning Course 7 September 2024
North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams7 September 2024