Unrated severityNVD Advisory· Published Jul 30, 2024· Updated Oct 28, 2024

Send email only on Reply to My Comment <= 1.0.6 - Stored XSS via CSRF

CVE-2024-6224

Description

The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/Send Email Only On Reply To My Commentinferred
Range: <=1.0.6
Package: https://wordpress.org/plugins/send-email-only-on-reply-to-my-comment
Send email only on Reply to My Comment/Send email only on Reply to My Commentllm-create
Range: <=1.0.6

Patches

Vulnerability mechanics

References

wpscan.com/vulnerability/54457f1b-6572-4de0-9100-3433c715c5ce/mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000