Security / vulnerability advisories for KAJOOM KJM Admin Notices 2.0.1 for WordPress

CPE for product: cpe:2.3:a:kajoom:kjm_admin_notices:2.0.1:*:*:*:*:wordpress:*:*

Medium-low damage 4.8
Difficult to exploit
Published: Fri Oct 15 13:15:00 2021 UTC. Last Modified: Wed Oct 20 16:07:00 2021 UTC
CPE matches: cpe:2.3:a:kajoom:kjm_admin_notices:*:*:*:*:*:wordpress:*:* && versionEndIncluding=2.0.1

Description

The KJM Admin Notices WordPress plugin, in versions up to and including 2.0.1, is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization of several parameters in the ~/admin/class-kjm-admin-notices-admin.php file. This allowed attackers with administrative user access to inject arbitrary web scripts. It affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

Damage

Attack conditions

Damage and attack conditions obtained from CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (CVSSv3)