WP Triggers Lite WordPress plugin v2.5.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. [已公开] id: CVE-2024-13094 info: name: WP Triggers Lite - Cross-Site Scripting author: Sourabh-Sahu severity: high description: | WP Triggers Lite WordPress plugin v2.5.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. impact: | Attackers can execute malicious scripts in the context of high privilege users, potentially leading to session hijacking or account compromise. remediation: | Update to the latest version of WP Triggers Lite plugin that addresses this issue or apply security patches if available. reference: - https://wpscan.com/vulnerability/7a75809e-824e-458e-bd01-50dadcea7713/ - https://nvd.nist.gov/vuln/detail/CVE-2024-13094 classification: cvss-me

未知