WordPress Plugin Vulnerabilities

Max Addons Pro for Bricks < 1.6.2 - Reflected Cross-Site Scripting

Description

The Max Addons Pro for Bricks plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Affects Plugins

Plugin icon
max-addons-pro-bricks
Fixed in 1.6.2

References

CVE
CVE-2024-32952
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/01cce0b2-b43c-4b79-89a0-c1842cab1edc

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
eb3fbd62-676a-471a-8b02-76ca9bf02efa

Timeline

Publicly Published
2024-04-22 (about 24 days ago)
Added
2024-04-29 (about 16 days ago)
Last Updated
2024-04-29 (about 16 days ago)

Other

Published
Title
Published
2021-09-15
Title
Podcast Subscribe Buttons < 1.4.2 - Contributor+ Stored XSS
Published
2014-04-25
Title
Flash Photo Gallery <= 0.7 - XSS
Published
2024-02-01
Title
ProfilePress < 4.14.4 - Contributor+ Stored XSS
Published
2023-10-25
Title
Simple User Listing < 1.9.3 - Reflected XSS
Published
2014-08-01
Title
XVE Various Embed - JW Player Multiple Cross-Site Scripting Vulnerabilities