Simple Certain Time to Show Content WordPress plugin < 1.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users such as admin, exploit requires attacker to craft a malicious URL. [已公开] id: CVE-2024-10152 info: name: Simple Certain Time to Show Content - Cross-Site Scripting author: Sourabh-Sahu severity: high description: | Simple Certain Time to Show Content WordPress plugin < 1.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users such as admin, exploit requires attacker to craft a malicious URL. impact: | Attackers can execute arbitrary scripts in the context of high privilege users, potentially leading to session hijacking or privilege escalation. remediation: | Update to version 1.3.1 or later. reference: - https://wpscan.com/vulnerability/b4d17da2-4c47-4fd1-a6bd-6692b07cf710/ - https://nvd.nist.gov/vuln/detail/CVE-2024-10152 classification: cvss-m

未知