Automatically Hierarchic Categories in Menu < 2.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE 2024-47365 | Plugin Vulnerabilities

Description

The Automatically Hierarchic Categories in Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affects Plugins

automatically-hierarchic-categories-in-menu

Fixed in 2.0.6

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/d9fe53e3-1916-4de2-91a6-83e823fc6e91

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Verified

No

WPVDB ID

bcd6c4ea-611c-4d86-8997-678a9fcd27e3

Timeline

Publicly Published

2024-09-30 (about 1 year ago)

Added

2024-10-10 (about 1 year ago)

Last Updated

2024-10-10 (about 1 year ago)

Other

Published

Title

Published

2023-10-16

Title

Custom post types < 5.0.3 - Admin+ Stored XSS

Published

2026-01-10

Title

Logo Slider <= 4.9.0 - Authenticated (Author+) Stored Cross-Site Scripting

Published

2023-06-26

Title

Cancel order request WooCommerce < 1.3.3 - Admin+ Stored XSS

Published

2024-12-19

Title

Spotlightr < 0.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-10-15

Title

Akismet htaccess writer <= 1.0.1 - Reflected Cross-Site Scripting