CVE-2024-8317

Description

The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ad_alignment’ attribute in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PUBLISHED Reserved 2024-08-29 | Published 2024-09-06 | Updated 2024-09-06 | Assigner Wordfence

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Timeline

Credits

Francesco Carlucci finder

References

www.wordfence.com/...-2159-4327-ba09-da7721f1312e?source=cve

plugins.trac.wordpress.org/...min/class-wpadcenter-admin.php

wordpress.org/plugins/wpadcenter/

plugins.trac.wordpress.org/...min/class-wpadcenter-admin.php

plugins.trac.wordpress.org/...min/class-wpadcenter-admin.php

plugins.trac.wordpress.org/changeset/3146736/

plugins.trac.wordpress.org/changeset/3146736/

cve.org (CVE-2024-8317)

nvd.nist.gov (CVE-2024-8317)

Download JSON