How severe is CVE-2024-3903?

CVE-2024-3903 has a CVSS v3 score of 7.1 (HIGH).

CVE-2024-3903

Name: add_custom_css_and_js
Author: technologicx

7.1HIGH

The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as autho

Опубликовано: 5/14/2024Обновлено: 5/14/2025

Описание

The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack

ИИ-АнализНа базе ИИ

Затронутые продукты

technologicxadd_custom_css_and_js

Ссылки

https://wpscan.com/vulnerability/0a0e7bd4-948d-47c9-9219-380bda9f3034/
ExploitThird Party Advisory
https://wpscan.com/vulnerability/0a0e7bd4-948d-47c9-9219-380bda9f3034/
ExploitThird Party Advisory