How severe is CVE-2024-39682?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2024-39682?

This is classified as CWE-116, which is a common weakness in software security.

CVE-2024-39682

MEDIUM Year: 2024

CVSS v3 Score

5.4

Medium

Weakness Type

CWE-116

View all →

Vulnerability Description

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary HTML in pages that will be shown whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2019-10362

MEDIUM

CVSS:5.4(Medium)

Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change...

CWE-1162019

CVE-2021-29854

MEDIUM

CVSS:5.4(Medium)

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remot...

CWE-1162021

CVE-2021-29872

MEDIUM

CVSS:5.4(Medium)

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a s...

CWE-1162021

CVE-2021-39170

MEDIUM

CVSS:5.4(Medium)

Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this is...

CWE-1162021

CVE-2022-0450

MEDIUM

CVSS:5.4(Medium)

The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any a...

CWE-1162022

CVE-2022-30966

MEDIUM

CVSS:5.4(Medium)

Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (...

CWE-1162022

CVE-2024-39682

Vulnerability Description

Related Vulnerabilities

CVE-2019-10362

CVE-2021-29854

CVE-2021-29872

CVE-2021-39170

CVE-2022-0450

CVE-2022-30966