CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8276

The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.8%

CVSS Severity

CVSS v3 Score 6.4

References

Products affected by CVE-2024-8276

Wpzoom » Wpzoom Portfolio » Version: N/A

cpe:2.3:a:wpzoom:wpzoom_portfolio:-
Wpzoom » Wpzoom Portfolio » Version: 1.0.0

cpe:2.3:a:wpzoom:wpzoom_portfolio:1.0.0
Wpzoom » Wpzoom Portfolio » Version: 1.0.1

cpe:2.3:a:wpzoom:wpzoom_portfolio:1.0.1
Wpzoom » Wpzoom Portfolio » Version: 1.0.2

cpe:2.3:a:wpzoom:wpzoom_portfolio:1.0.2
Wpzoom » Wpzoom Portfolio » Version: 1.0.3

cpe:2.3:a:wpzoom:wpzoom_portfolio:1.0.3
Wpzoom » Wpzoom Portfolio » Version: 1.0.4

cpe:2.3:a:wpzoom:wpzoom_portfolio:1.0.4
Wpzoom » Wpzoom Portfolio » Version: 1.0.5

cpe:2.3:a:wpzoom:wpzoom_portfolio:1.0.5
Wpzoom » Wpzoom Portfolio » Version: 1.1.0

cpe:2.3:a:wpzoom:wpzoom_portfolio:1.1.0
Wpzoom » Wpzoom Portfolio » Version: 1.2.0

cpe:2.3:a:wpzoom:wpzoom_portfolio:1.2.0
Wpzoom » Wpzoom Portfolio » Version: 1.2.1

cpe:2.3:a:wpzoom:wpzoom_portfolio:1.2.1
Wpzoom » Wpzoom Portfolio » Version: 1.2.2

cpe:2.3:a:wpzoom:wpzoom_portfolio:1.2.2
Wpzoom » Wpzoom Portfolio » Version: 1.2.3

cpe:2.3:a:wpzoom:wpzoom_portfolio:1.2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8276

Products

Pricing

Contact Us