ECT Home Page Products WordPress plugin through 1.9 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit requires victim to visit a maliciously crafted page. [已公开] id: CVE-2024-13225 info: name: ECT Home Page Products - Reflected XSS author: Sourabh-Sahu severity: medium description: | ECT Home Page Products WordPress plugin through 1.9 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit requires victim to visit a maliciously crafted page. impact: | Attackers can execute malicious scripts in the context of high privilege users, potentially leading to session hijacking or account compromise. remediation: | Update to the latest version of the plugin where the vulnerability is fixed. reference: - https://wpscan.com/vulnerability/8efd7d62-3f74-4108-970e-bd5ed24914ff/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/

未知