CVE-2024-10309

{"id": "CVE-2024-10309", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.7}]}, "published": "2025-01-30T06:15:28.827", "references": [{"url": "https://wpscan.com/vulnerability/9eb21250-34bd-4600-a0a5-7c5117f69f04/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/9eb21250-34bd-4600-a0a5-7c5117f69f04/", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputing them in the page, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks."}, {"lang": "es", "value": "El complemento Tracking Code Manager de WordPress anterior a la versi\u00f3n 2.4.0 no desinfecta ni escapa algunas de las configuraciones de su metabox al mostrarlas en la p\u00e1gina, lo que podr\u00eda permitir que los usuarios con un rol tan bajo como Colaborador realicen ataques de Cross-Site Scripting."}], "lastModified": "2025-05-11T23:38:49.507", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:data443:tracking_code_manager:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9CAAE234-0843-4110-B95C-ECD4DFD6A633", "versionEndExcluding": "2.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}