CVE-2024-12124

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-54290. Reason: This candidate is a reservation duplicate of CVE-2024-54290. Notes: All CVE users should reference CVE-2024-54290 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

17 Jan 2025, 17:15

Type	Values Removed	Values Added
CWE	~~CWE-79~~
CVSS	v2 : ~~unknown~~ v3 : ~~6.1~~	v2 : unknown v3 : unknown
References	~~{'url': 'https://wordpress.org/plugins/role-includer/#developers', 'source': 'security@wordfence.com'}~~ ~~{'url': 'https://www.wordfence.com/threat-intel/vulnerabilities/id/97b3399b-cda2-4ab1-8919-b1e4ba4a5dcf?source=cve', 'source': 'security@wordfence.com'}~~
Summary	(en) The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_id’ parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.	(en) Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-54290. Reason: This candidate is a reservation duplicate of CVE-2024-54290. Notes: All CVE users should reference CVE-2024-54290 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

07 Jan 2025, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-07 05:15

Updated : 2025-01-17 17:15

NVD link : CVE-2024-12124

Mitre link : CVE-2024-12124

CVE.ORG link : CVE-2024-12124

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-12124

Attach tags to `CVE-2024-12124`