CVE-2024-1997 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-1997?

CVE-2024-1997 is a stored cross-site scripting (XSS) vulnerability in the Premium Addons PRO plugin for WordPress, affecting all versions up to and including 2.9.12. It allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages; those scripts then execute when users access the pages.

Who is impacted by CVE-2024-1997?

WordPress sites running the Premium Addons PRO plugin at any version up to and including 2.9.12 are affected. On those sites, an attacker with contributor-level access or higher can inject harmful web scripts into pages, and the scripts execute when users visit those pages.

What should I do if I’m affected?

If you're affected by the CVE-2024-1997 vulnerability, it's crucial to take action to secure your website. Update your Premium Addons PRO plugin to the latest version (2.9.17 or higher) to benefit from security improvements and bug fixes. Check the changelog for details. Stay informed about vulnerabilities by monitoring resources like the National Vulnerability Database and Wordfence Threat Intelligence.
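To triage installed copies against the version numbers given above, the following added example (not code from Twingate or the plugin's authors) reads a WordPress plugin header and classifies it. It assumes the header's `Plugin Name` field matches the plugin name used on this page; the header text in `sample_header` is constructed sample input.

```python
import re

# Thresholds taken from the advisory text on this page.
LAST_AFFECTED = (2, 9, 12)          # "up to and including 2.9.12"
RECOMMENDED_MIN = (2, 9, 17)        # "2.9.17 or higher"
PLUGIN_NAME = "Premium Addons PRO"  # assumption: header name matches the page's name

# WordPress plugin headers are "Field: value" lines inside the leading comment.
HEADER_FIELD = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.*?)[ \t\r]*$", re.M | re.I)

def parse_header(php_source):
    """Return the Plugin Name and Version fields (WordPress reads the first 8 KB)."""
    fields = {}
    for key, value in HEADER_FIELD.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value)
    return fields

def version_tuple(text):
    """Turn '2.9.12' into (2, 9, 12) so 2.10.0 compares above 2.9.17."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError("no numeric version")
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(php_source):
    """Classify one plugin main file against the versions named in the advisory."""
    fields = parse_header(php_source)
    if fields.get("plugin name", "").lower() != PLUGIN_NAME.lower():
        return "not-this-plugin"
    try:
        version = version_tuple(fields.get("version", ""))
    except ValueError:
        return "unknown-version"   # treat as needing manual review
    if version <= LAST_AFFECTED:
        return "affected"
    if version < RECOMMENDED_MIN:
        return "update-recommended"  # below the version this page recommends
    return "ok"

def sample_header(version, name=PLUGIN_NAME):
    """Constructed sample input: a minimal plugin header, not the real file."""
    return f"<?php\r\n/**\r\n * Plugin Name: {name}\r\n * Version: {version}\r\n */\r\n"

if __name__ == "__main__":
    for v in ("2.9.12", "2.9.14", "2.9.17", "2.10.0"):
        print(v, triage(sample_header(v)))
```
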

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2024-1997 is not listed in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability was added to the National Vulnerability Database on March 13, 2024. No specific due date or required action is mentioned, but updating the plugin to a secure version is recommended.

Weakness Enumeration

The weakness enumeration for this vulnerability is "Insufficient Information," indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

To learn more about the vulnerability, its severity, technical details, and affected software configurations, refer to the NVD page and the resources listed below.
