Vulnerability Details CVE-2024-4473
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
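The description above names the defect class: widget attribute values supplied by a low-privilege user are rendered without adequate sanitization on save or escaping on output. The following PHP is an added, generic illustration of that class and of the WordPress escaping pattern that mitigates it; it is not Sydney Toolbox code, and the function names and the `title`, `link` and `css_class` setting keys are hypothetical.

```php
<?php
// Added illustration, not the plugin's code. The settings array stands in for
// attributes a contributor can set on a page-builder widget.

// Vulnerable pattern: values are concatenated into markup unchanged, so a quote
// character in a value closes the attribute and anything after it becomes new
// markup, which is the stored XSS condition the advisory describes.
function render_portfolio_item_vulnerable( array $settings ): string {
    return '<a href="' . $settings['link'] . '" class="' . $settings['css_class'] . '">'
         . $settings['title'] . '</a>';
}

// Hardened pattern: escape at output for the context each value lands in.
// These are real WordPress core functions.
function render_portfolio_item_hardened( array $settings ): string {
    $link  = esc_url( $settings['link'] ?? '' );        // URL context; rejects unsafe schemes
    $class = esc_attr( $settings['css_class'] ?? '' );  // HTML attribute context
    $title = esc_html( $settings['title'] ?? '' );      // HTML text context
    return '<a href="' . $link . '" class="' . $class . '">' . $title . '</a>';
}

// Defence in depth: also sanitize when the settings are saved, so stored data
// is already constrained before it ever reaches a template. sanitize_html_class()
// assumes a single class name; split on whitespace first if several are allowed.
function sanitize_portfolio_settings( array $raw ): array {
    return [
        'title'     => sanitize_text_field( $raw['title'] ?? '' ),
        'link'      => esc_url_raw( $raw['link'] ?? '' ),
        'css_class' => sanitize_html_class( $raw['css_class'] ?? '' ),
    ];
}
```

When reviewing a widget for this issue, look for every place a setting is echoed and confirm the escaping function matches the output context (URL, attribute, text, or `wp_kses_post()` where limited HTML is intended); sanitization on save alone is not sufficient because settings can be written through other code paths.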
Exploit Prediction Scoring System (EPSS) score
EPSS Score: 0.001
EPSS Ranking: 22.0%
CVSS Severity
CVSS v3 Score: 6.4
Products affected by CVE-2024-4473
- cpe:2.3:a:athemes:sydney_toolbox:-
- cpe:2.3:a:athemes:sydney_toolbox:1.0
- cpe:2.3:a:athemes:sydney_toolbox:1.01
- cpe:2.3:a:athemes:sydney_toolbox:1.02
- cpe:2.3:a:athemes:sydney_toolbox:1.03
- cpe:2.3:a:athemes:sydney_toolbox:1.04
- cpe:2.3:a:athemes:sydney_toolbox:1.06
- cpe:2.3:a:athemes:sydney_toolbox:1.07
- cpe:2.3:a:athemes:sydney_toolbox:1.08
- cpe:2.3:a:athemes:sydney_toolbox:1.09
- cpe:2.3:a:athemes:sydney_toolbox:1.10
- cpe:2.3:a:athemes:sydney_toolbox:1.11
- cpe:2.3:a:athemes:sydney_toolbox:1.12
- cpe:2.3:a:athemes:sydney_toolbox:1.13
- cpe:2.3:a:athemes:sydney_toolbox:1.14
- cpe:2.3:a:athemes:sydney_toolbox:1.15
- cpe:2.3:a:athemes:sydney_toolbox:1.17
- cpe:2.3:a:athemes:sydney_toolbox:1.18
- cpe:2.3:a:athemes:sydney_toolbox:1.19
- cpe:2.3:a:athemes:sydney_toolbox:1.21
- cpe:2.3:a:athemes:sydney_toolbox:1.23
- cpe:2.3:a:athemes:sydney_toolbox:1.24
- cpe:2.3:a:athemes:sydney_toolbox:1.25
- cpe:2.3:a:athemes:sydney_toolbox:1.26
- cpe:2.3:a:athemes:sydney_toolbox:1.27
- cpe:2.3:a:athemes:sydney_toolbox:1.28
- cpe:2.3:a:athemes:sydney_toolbox:1.31