How severe is CVE-2024-12697?

CVE-2024-12697 has a CVSS v3 score of 6.4 (MEDIUM).

CVE-2024-12697

6.4MEDIUM

The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. This makes it pos

Published: 12/21/2024Updated: 12/21/2024

Description

The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

AI AnalysisPowered by AI

References

https://wordpress.org/plugins/real-kit/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/83e1f631-28ec-4924-9d69-caaba00fe276?source=cve