CVE-2024-6020

Summary

The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting.

Affected Software

VendorProductVersion RangeStatus
UnknownSign-up Sheets0 < 2.2.13affected

Weaknesses

  • CWE-79 Cross-Site Scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References