WordPress Plugin VK All in One Expansion Unit XSS Vulnerability (CVE-2024-52268)

Key Information 1. Vulnerability ID: - JVN#05136799 2. Vulnerability Description: - WordPress Plugin "VK All in One Expansion Unit" vulnerable to cross-site scripting - Describes a cross-site scripting (XSS) vulnerability in the WordPress plugin "VK All in One Expansion Unit". 3. Affected Products: - Versions of the "VK All in One Expansion Unit" plugin prior to 9.100.1.0. 4. Impact: - When users access websites using this plugin, malicious scripts can be executed in their browsers. 5. Solution: - Update the plugin to version 9.100.1.0 or later. 6. Vendor Status: - The plugin vendor, Vektor,Inc., has confirmed the vulnerability and released version 9.100.1.0 to fix the issue. 7. References: - JPCERT/CC Addendum - CVSS v3 Score: 4.8 - Reporter: Umeda Yuugo, Tokyo Denki University - JPCERT/CC coordinated with the developer through the Information Security Management Early Warning Partnership. 8. Additional Information: - JPCERT Alert - JPCERT Reports - CERT Advisory - CPNI Advisory - TRnotes - CVE ID: CVE-2024-52268 - JVN iPedia: JVNDB-2024-000118 Summary This page provides detailed information about a cross-site scripting (XSS) vulnerability in the WordPress plugin "VK All in One Expansion Unit", including affected product versions, impact, solution, vendor status, references, and additional related information.

Goal Reached Thanks to every supporter — we hit 100%!

WordPress Plugin VK All in One Expansion Unit XSS Vulnerability (CVE-2024-52268)