Key vulnerability information

Vulnerability name: Ajax Search Lite <= 4.12.2 - Admin+ Stored XSS

Description
The plugin does not sanitise and escape some of its settings, which allows high-privilege users such as administrators to perform stored cross-site scripting attacks, even when the capability is disabled (for example, in a multisite setup).

Affected plugin
ajax-search-lite: fixed in version 4.12.3

References
CVE: CVE-2024-8619
URL: https://research.cleantalk.org/cve-2024-8619/

Classification
Type: XSS
OWASP Top 10: A7: Cross-Site Scripting (XSS)
CWE: CWE-79
CVSS: 3.5 (low)

Other information
Original researcher: Dmitriy Ignatyev
Submitter: Dmitriy Ignatyev
Submitter website: https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/
Verified: Yes
WPVDB ID: 84f6733e-028a-4288-b01a-7578a4a89dbe

Timeline
Publicly published: 2024-08-02 (about 9 months ago)
Added: 2024-09-17 (about 7 months ago)
Last updated: 2024-09-17 (about 7 months ago)

Other related vulnerabilities
2025-02-03: Job Board Manager <= 2.1.60 - Reflected Cross-Site Scripting
2024-10-09: Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via youzify_media Shortcode
2024-07-04: MakeCommerce for WooCommerce < 3.5.2 - Reflected Cross-Site Scripting
2025-01-16: Mini3dOM RyeBread Widgets <= 1.0 - Reflected Cross-Site Scripting
2024-04-25: Annual Archive <= 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting