Co-marquage service-public.fr < 0.5.73 – Reflected Cross-Site Scripting via search_term | CVE 2024-29758 | Plugin Vulnerabilities

Description

The Co-marquage service-public.fr plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 0.5.72 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Affects Plugins

co-marquage-service-public

Fixed in 0.5.73

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/0ce2dc45-0e23-4fba-8ef3-543db2a02eda

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

beluga

Verified

No

WPVDB ID

7d58847b-0e0e-45c7-a4b9-762e02f59dc8

Timeline

Publicly Published

2024-03-25 (about 2 years ago)

Added

2024-03-29 (about 2 years ago)

Last Updated

2024-03-29 (about 2 years ago)

Other

Published

Title

Published

2015-01-10

Title

Greg's High Performance SEO 1.6.1 - Reflected XSS

Published

2017-03-23

Title

YOP Poll <= 5.8.0 - Stored Cross-Site Scripting (XSS)

Published

2023-01-23

Title

YouTube Embed, Playlist and Popup by WpDevArt < 2.6.4 - Admin+ Stored XSS

Published

2023-06-21

Title

Gravity Forms < 2.7.5 - Reflected XSS

Published

2021-08-02

Title

StoryChief < 1.0.31 - Authenticated Stored Cross-Site Scripting (XSS)