WP Triggers Lite <= 2.5.3 – Admin+ SQL Injection | CVE 2024-13095

Affects Plugins

wp-triggers-lite

No known fix

References

CVE

CVE-2024-13095

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

4.1 (medium)

Miscellaneous

Original Researcher

Bob Matyas

Submitter

Bob Matyas

Submitter website

https://www.bobmatyas.com

Submitter twitter

bobmatyas

Verified

Yes

WPVDB ID

74e95fb5-025b-4d4d-a279-844b6ee3e57d

Timeline

Publicly Published

2025-01-06 (about 11 months ago)

Added

2025-01-06 (about 11 months ago)

Last Updated

2025-01-06 (about 11 months ago)

Other

Published

Title

Published

2025-04-04

Title

Musician's Pack for Elementor <= 1.8.7 - Contributor+ Stored XSS

Published

2023-10-09

Title

Fattura24 < 6.2.8 - Reflected Cross-Site Scripting

Published

2024-06-03

Title

Save as PDF Plugin by Pdfcrowd < 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-11-01

Title

ChatBot 4.8.6 - 4.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder

Published

2023-03-27

Title

Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS