CVE-2024-13114

{"id": "CVE-2024-13114", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-02-04T06:15:27.627", "references": [{"url": "https://wpscan.com/vulnerability/0cecda12-590a-42a6-b10b-e0efe7fb3a3a/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."}, {"lang": "es", "value": "El complemento WP Projects Portfolio with Client Testimonials de WordPress hasta la versi\u00f3n 3.0 no desinfecta ni escapa un par\u00e1metro antes de mostrarlo nuevamente en la p\u00e1gina, lo que genera un Cross-Site Scripting Reflejado que podr\u00eda usarse contra usuarios con privilegios altos, como el administrador."}], "lastModified": "2025-05-07T18:39:03.623", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phptechie:wp_projects_portfolio_with_client_testimonials:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0475823D-1E73-4E15-87AA-C5484F535F78", "versionEndIncluding": "3.0"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}