How severe is CVE-2024-3903?

CVE-2024-3903 has a CVSS v3 score of 7.1 (HIGH).

CVE-2024-3903

Name: add_custom_css_and_js
Author: technologicx

7.1HIGH

The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as autho

Publicado: 5/14/2024Actualizado: 5/14/2025

Descripción

The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack

Análisis IAImpulsado por IA

Productos Afectados

technologicxadd_custom_css_and_js

Referencias

https://wpscan.com/vulnerability/0a0e7bd4-948d-47c9-9219-380bda9f3034/
ExploitThird Party Advisory
https://wpscan.com/vulnerability/0a0e7bd4-948d-47c9-9219-380bda9f3034/
ExploitThird Party Advisory