CVE-2024-53278

MEDIUM

WP Admin UI Customize <1.5.14 - XSS

Title source: llm
STIX 2.1

Description

Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen.

Scores

CVSS v3 4.8
EPSS 0.0037
EPSS Percentile 29.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
gqevu6bsiz/WP Admin UI Customize prior to ver 1.5.14
Published Nov 26, 2024
Tracked Since Feb 18, 2026