CVE-2024-32674

State: PUBLISHED · Published: 2024-05-08 · Updated: 2024-08-02 · Assigner: jpcert

Description

Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.

CWE

CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected

Heateor / Heateor Social Login WordPress — v=prior to 1.1.32 [affected]

CVSS

(none)

References

https://wordpress.org/plugins/heateor-social-login/
https://jvn.jp/en/jp/JVN87694318/

Source

cvelistV5-main/cves/2024/32xxx/CVE-2024-32674.json