CVE-2024-7629
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)
Published: Aug 21, 2024 / Updated: 3mo ago
010
CVSS 5.4EPSS 0.05%Medium
CVE info copied to clipboard
The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires responsive videos to be enabled for posts.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Timeline
First Article
Feedly found the first article mentioning CVE-2024-7629. See article
Aug 21, 2024 at 6:14 AM / Vulners.com RSS Feed
CVSS Estimate
Feedly estimated the CVSS score as MEDIUM
Aug 21, 2024 at 6:14 AM
CVSS
A CVSS base score of 5.4 has been assigned.
Sep 27, 2024 at 5:35 PM / nvd
Affected Systems
Kirstyburgoine/responsive_video
+null more
Attack Patterns
CAPEC-18: XSS Targeting Non-Script Elements
+null more
News
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 19, 2024 to August 25, 2024)
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week: WordPress Plugins with Reported Vulnerabilities Last Week
cveNotify : 🚨 CVE-2024-7629The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires responsive videos to be enabled for posts.🎖@cveNotify
cveNotify : 🚨 CVE-2024-7629The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires responsive videos to be enabled for posts.🎖@cveNotify
Arbitrary Web Script Injection Vulnerability in Responsive Video Plugin for WordPress
Marla14 - MEDIUM - CVE-2024-7629 The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires responsive videos to be enabled for posts.
CVE-2024-7629 - "WordPress Responsive Video Plugin Stored XSS"
CVE ID : CVE-2024-7629 Published : Aug. 21, 2024, 6:15 a.m. 21 minutes ago Description : The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires responsive videos to be enabled for posts. Severity:
CVE-2024-7629
The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires responsive videos to be enabled for...
See 4 more articles and social media posts