Key Information:

1. Vulnerability Type:
   - Name: Page Parts <= 1.4.3 - Reflected Cross-Site Scripting
   - Description: The Page Parts plugin is vulnerable to Reflected Cross-Site Scripting (XSS) due to improper input handling during page generation.
2. Vulnerability ID:
   - CVE ID: CVE-2024-11360
   - CVSS Score: 6.1 (Medium)
3. Public Release Date: November 20, 2024
4. Update Date: November 22, 2024
5. Researcher: vgo0
6. Fix Status:
   - Status: Fixed
   - Fixed Version: 1.4.4
7. Affected Versions: <= 1.4.3
8. Reference Links:
   - Reference Link: plugins.trac.wordpress.org
9. Vulnerability Details:
   - Describes how the Page Parts plugin improperly handles input, leading to a reflected XSS vulnerability.
10. API Information:
    - Database API: Wordfence Intelligence Vulnerability Database API
    - Documentation: API documentation and Webhook documentation
11. Exploitation:
    - Exploitation Method: Attackers can exploit this vulnerability to inject arbitrary scripts into pages, if users are successfully tricked into performing specific actions (e.g., clicking on links).
12. Remediation Recommendation:
    - Recommendation: Upgrade to Page Parts version 1.4.4 or higher.

Additional Information:

Wordfence Intelligence offers free and paid access to the WordPress vulnerability database, along with free Webhook integration, ensuring users stay informed about the latest vulnerabilities. Wordfence provides free and paid WordPress security solutions, including plugins, themes, and API access.

Contact Information:
- Support: wfr-support@wordfence.com
- Documentation: Refer to Wordfence’s documentation and API documentation.

Copyright Information:
- Copyright: Defiant Inc. and MITRE Corporation
- License: MITRE’s Common Vulnerabilities and Exposures (CVE) License.