The Website Article Monetization By MageNet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'abp_auth_key' parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping and a missing authorization check. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Configurations
History
24 Mar 2025, 14:48
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://plugins.trac.wordpress.org/browser/website-article-monetization-by-magenet/trunk/admin/article-backlinks-admin.php#L110 - Product | |
| References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/b8564dbb-6be8-4999-be65-d28609e05451?source=cve - Third Party Advisory | |
| CPE | cpe:2.3:a:magenet:website_article_monetization:*:*:*:*:*:wordpress:*:* | |
| First Time |
Magenet website Article Monetization
Magenet |
|
| CWE | CWE-79 |
Information
Published : 2024-03-20 07:15
Updated : 2025-03-24 14:48
NVD link : CVE-2024-1379
Mitre link : CVE-2024-1379
CVE.ORG link : CVE-2024-1379
JSON object : View
Products Affected
magenet
- website_article_monetization
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')