CVE-2024-12122: ResAds <= 2.0.6 - Reflected Cross-Site Scripting via Multiple Parameters
First published: Thu Jan 09 2025(Updated: )
The ResAds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ResAds | <=2.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-12122?
CVE-2024-12122 has a medium severity rating due to the risk of reflected cross-site scripting attacks.
How do I fix CVE-2024-12122?
To fix CVE-2024-12122, update the ResAds plugin to version 2.0.7 or later, which addresses the vulnerability.
Who is affected by CVE-2024-12122?
CVE-2024-12122 affects users of the ResAds plugin for WordPress in all versions up to 2.0.6.
What kind of attacks can occur due to CVE-2024-12122?
CVE-2024-12122 allows unauthenticated attackers to inject arbitrary scripts through reflected cross-site scripting vulnerabilities.
When was CVE-2024-12122 disclosed?
CVE-2024-12122 was disclosed in 2024 and impacts multiple parameters due to inadequate input sanitization.
- agent/references
- agent/weakness
- agent/title
- agent/first-publish-date
- agent/type
- agent/description
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/resads
- canonical/resads