CVE-2024-0656

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Feb 29, 2024

Summary

CVE-2024-0656 is a vulnerability in the WordPress plugin "Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease", affecting all versions up to and including 2.6.6. It is classified as Stored Cross-Site Scripting and results from insufficient input sanitization and output escaping of the Google Captcha Site Key. Authenticated attackers with administrator-level access can inject arbitrary web scripts into pages, and those scripts execute whenever a user accesses an injected page. The vulnerability only affects multi-site installations and installations where unfiltered_html has been disabled. The risk score assigned to this vulnerability is 5, with a base severity of MEDIUM. Remediation should involve updating the affected plugin to the latest version or applying any available patches, as recommended by security@wordfence.com, the source of this information.
