CVE-2024-53278:

4.8 CVSS

Description

Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen.

Classification

CVE ID: CVE-2024-53278

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.8

Affected Products

Vendor: gqevu6bsiz

Product: WP Admin UI Customize

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.81% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://wordpress.org/plugins/wp-admin-ui-customize/#developers
https://gqevu6bsiz.chicappa.jp/wp-admin-ui-customize-%E3%82%A2%E3%83%83%E3%83%97%E3%83%87%E3%83%BC%E3%83%881-5-14%E3%82%92%E3%81%97%E3%81%BE%E3%81%97%E3%81%9F/
https://jvn.jp/en/jp/JVN87182660/

Timeline

2024-11-27 14:42:05 UTC
CVE