CVE-2024-55864

MEDIUM

My WP Customize Admin/Frontend <1.24.1 - XSS

Title source: llm
STIX 2.1

Description

Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page.

Scores

CVSS v3 4.8
EPSS 0.0033
EPSS Percentile 25.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
gqevu6bsiz/My WP Customize Admin/Frontend prior to ver 1.24.1
Published Dec 17, 2024
Tracked Since Feb 18, 2026