CVE-2024-8243: Plugin Upgrade Time Out <= 1.0 - Stored XSS via CSRF

Description

The WordPress/Plugin Upgrade Time Out Plugin WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

Classification

CVE ID: CVE-2024-8243

Problem Types

CWE-352 Cross-Site Request Forgery (CSRF) CWE-79 Cross-Site Scripting (XSS)

Affected Products

Vendor: Unknown

Product: WordPress/Plugin Upgrade Time Out Plugin

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 8.72% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-8243
https://wpscan.com/vulnerability/8e1e2d8d-41aa-49bc-95d5-dae75be788d5/

Timeline

2025-04-09 07:40:19 UTC
CVE

Plugin Upgrade Time Out <= 1.0 - Stored XSS via CSRF