CVE-2024-55864 MEDIUM

CVE-2024-55864

Vendor Gqevu6Bsiz
Product My WP Customize Admin/Frontend
Weakness CWE-79 · XSS
Published December 17, 2024
Last update December 17, 2024

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page.

Key dates

02Disclosure timeline

December 17, 2024 CVE published
December 17, 2024 Record updated