CVE-2024-11807: NPS computy <= 2.8.0 - Reflected Cross-Site Scripting
First published: Wed Dec 04 2024(Updated: )
The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Computy NPS | <=2.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-11807?
The severity of CVE-2024-11807 is classified as high due to the potential for unauthenticated attackers to exploit the vulnerability.
How do I fix CVE-2024-11807?
To fix CVE-2024-11807, update the NPS computy plugin to version 2.8.1 or later which includes patches for the vulnerability.
What are the affected versions of NPS computy for CVE-2024-11807?
All versions of NPS computy up to and including 2.8.0 are affected by CVE-2024-11807.
What type of vulnerability is CVE-2024-11807?
CVE-2024-11807 is a reflected Cross-Site Scripting (XSS) vulnerability.
Who can exploit the CVE-2024-11807 vulnerability?
The CVE-2024-11807 vulnerability can be exploited by unauthenticated attackers.
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/nps
- canonical/computy nps