CVE-2024-8983

Custom Twitter Feeds  WordPress plugin before 2.2.3 is not filtering some of its settings allowing high privilege users to inject scripts.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
WPScanCNA
---
---
CISA-ADPADP
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
smashballooncustom_twitter_feeds
𝑥
< 2.2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/29194dde-8d11-4096-a5ae-1d69c2c5dc33/