CVE-2024-13119

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Feb 13, 2025

CWE ID 79

Summary

CVE-2024-13119 is a vulnerability affecting the Paid Membership Plugin for WordPress before version 4.15.20. The flaw lies in the plugin's settings, which do not undergo proper sanitization and escaping. This oversight enables high privilege users, such as admins, to execute Stored Cross-Site Scripting (XSS) attacks, bypassing the unfiltered_html capability restriction, even in multisite setups.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2F5_tt
https://www.cve.org/CVERecord?id=CVE-2024-13119
https://nvd.nist.gov/vuln/detail/CVE-2024-13119

Back to Vulnerability Database

CVE-2024-13119

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations