How severe is CVE-2024-3903?

CVE-2024-3903 has a CVSS v3 score of 7.1 (HIGH).

CVE-2024-3903

Name: add_custom_css_and_js
Author: technologicx

7.1HIGH

The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as autho

公開日: 5/14/2024更新日: 5/14/2025

説明

The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack

AI分析AIによる分析

影響を受ける製品

technologicxadd_custom_css_and_js

参照

https://wpscan.com/vulnerability/0a0e7bd4-948d-47c9-9219-380bda9f3034/
ExploitThird Party Advisory
https://wpscan.com/vulnerability/0a0e7bd4-948d-47c9-9219-380bda9f3034/
ExploitThird Party Advisory