CVE-2024-1996 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-1996?

CVE-2024-1996 is a medium-severity vulnerability affecting the Premium Addons PRO plugin for WordPress, specifically in versions up to and including 2.9.12. This Stored Cross-Site Scripting vulnerability is caused by insufficient input sanitization and output escaping on user-supplied attributes in the plugin's IHover widget link. As a result, authenticated attackers with contributor-level and above permissions can inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page.

Who is impacted by CVE-2024-1996?

CVE-2024-1996 affects WordPress websites running the Premium Addons PRO plugin at any version up to and including 2.9.12. Exploiting it requires an authenticated account with contributor-level permissions or above. With such an account, an attacker can inject harmful web scripts into pages, which then execute when a user accesses the affected page.

What should I do if I’m affected?

If you're affected by the CVE-2024-1996 vulnerability, it's crucial to take action to protect your WordPress website. To mitigate the risk, follow these simple steps:

  1. Update the Premium Addons PRO plugin to the latest version, which addresses the vulnerability.

  2. Regularly check the plugin's changelog for updates and apply them as needed.

  3. If you experience issues with the plugin, consult the changelog and contact the plugin's support team for assistance.
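To confirm whether step 1 is still outstanding on a given site, the installed version can be read from the plugin's header comment and compared with 2.9.12. The following is an added example, not code from Twingate or the plugin vendor; the sample headers and the version `2.10.0` are constructed for illustration, and the path to the plugin's main PHP file is supplied by you.

```python
import re
import sys

# Last affected release, as stated in the advisory text above.
LAST_AFFECTED = "2.9.12"

# WordPress takes plugin metadata from a "Version:" field in the header
# comment of the main plugin file, looking only at the first 8 KiB.
_VERSION_FIELD = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)",
                            re.IGNORECASE | re.MULTILINE)

def read_plugin_version(php_source):
    """Return the Version header value, or None if the header is missing."""
    match = _VERSION_FIELD.search(php_source[:8192])
    return match.group(1) if match else None

def version_key(version):
    """Map '2.9.12' to (2, 9, 12, 0) so that 2.10.0 sorts after 2.9.12."""
    parts = []
    for piece in version.split(".")[:4]:
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts + [0] * (4 - len(parts)))

def assess(php_source):
    """Return (status, version); status is affected / not affected / unknown."""
    version = read_plugin_version(php_source)
    if version is None:
        return ("unknown", None)
    if version_key(version) <= version_key(LAST_AFFECTED):
        return ("affected", version)
    return ("not affected", version)

# Constructed sample headers (not copied from the real plugin).
SAMPLE_OLD = "<?php\n/**\n * Plugin Name: Premium Addons PRO\n * Version: 2.9.12\n */\n"
# A plain string comparison would wrongly rank this below 2.9.12.
SAMPLE_NEW = "<?php\n/**\n * Plugin Name: Premium Addons PRO\n * Version: 2.10.0\n */\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python check.py /path/to/main-plugin-file.php
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(assess(fh.read()))
    else:
        print(assess(SAMPLE_OLD))
        print(assess(SAMPLE_NEW))
```

An `unknown` result means no version header was found in the file given, so the check should be repeated against the plugin's main file rather than treated as a pass.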

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-1996 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog.

Weakness Enumeration

The weakness enumeration for this vulnerability is "Insufficient Information," indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

CVE-2024-1996 is a medium-severity vulnerability affecting the Premium Addons PRO plugin for WordPress, with potential consequences for affected websites. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below.
