How severe is CVE-2024-3903?

CVE-2024-3903 has a CVSS v3 score of 7.1 (HIGH).

CVE-2024-3903

Name: add_custom_css_and_js
Author: technologicx

7.1HIGH

The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as autho

Publicado: 5/14/2024Atualizado: 5/14/2025

Descrição

The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack

Análise IADesenvolvido por IA

Produtos Afetados

technologicxadd_custom_css_and_js

Referências

https://wpscan.com/vulnerability/0a0e7bd4-948d-47c9-9219-380bda9f3034/
ExploitThird Party Advisory
https://wpscan.com/vulnerability/0a0e7bd4-948d-47c9-9219-380bda9f3034/
ExploitThird Party Advisory