CVE-2024-4860 | RSS Aggregator Plugin up to 4.23.8 on WordPress GET Parameter notice_id cross site scripting

Posted by Angelo Barbosa | May 14, 2024 | CVE

A vulnerability has been found in RSS Aggregator Plugin up to 4.23.8 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Parameter Handler. The manipulation of the argument notice_id leads to cross site scripting.

This vulnerability is known as CVE-2024-4860. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-4860 | RSS Aggregator Plugin up to 4.23.8 on WordPress GET Parameter notice_id cross site scripting

Related Posts

CVE-2024-26277 | Siemens Parasolid X_T File null pointer dereference (ssa-222019)

CVE-2024-20771 | Adobe Bridge up to 13.0.6/14.0.2 out-of-bounds (apsb24-24)

CVE-2024-6355 | Genexis Tilgin Fiber Home Gateway HG1522 CSx000-01_09_01_12 /status/product_info/ product_info cross site scripting

CVE-2023-7014 | Author Box, Guest Author and Co-Authors for Your Posts Plugin ma_debug information disclosure