CVE-2024-0852

{"id": "CVE-2024-0852", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-05-15T20:15:32.117", "references": [{"url": "https://wpscan.com/vulnerability/743c4d79-e1d5-4fb0-a17d-296df2c54e8a/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin"}, {"lang": "es", "value": "El complemento coreActivity: Activity Logging para WordPress anterior a 1.8.1 no escapa a algunos datos de solicitud cuando los muestra en el panel de administraci\u00f3n, lo que permite que usuarios no autenticados realicen un ataque XSS almacenado contra usuarios con privilegios altos, como el administrador."}], "lastModified": "2025-11-13T21:15:46.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dev4press:coreactivity:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "EBC055AE-6722-43B2-BCA4-D52A004D0BBA", "versionEndExcluding": "1.8.1"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}