Giga Messenger WordPress plugin <= 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious link or request. [已公开] id: CVE-2024-13328 info: name: Giga Messenger WordPress - Cross-Site Scripting author: Sourabh-Sahu severity: medium description: | Giga Messenger WordPress plugin <= 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious link or request. impact: | Attackers can execute malicious scripts in the context of high privilege users, potentially leading to session hijacking or account compromise. remediation: | Update to the latest version of the plugin where the vulnerability is fixed. reference: - https://wpscan.com/vulnerability/543a209b-c43c-46fc-8369-edb3b7e0ca98/ - https://nvd.nist.gov/vuln/detail/CVE-2024-13328 classification: cvss-metrics: CVSS

未知