CVE-2024-53278 MEDIUM

CVE-2024-53278

Vendor Gqevu6Bsiz
Product WP Admin UI Customize
Weakness CWE-79 · XSS
Published November 26, 2024
Last update November 26, 2024

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen.

Key dates

02Disclosure timeline

November 26, 2024 CVE published
November 26, 2024 Record updated