CVE-2024-13900 — MEDIUM (4.1)

Q: How severe is CVE-2024-13900?

CVE-2024-13900 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-13900?

Check the references section above for vendor advisories and patch information. Affected products include: Satollo Head\, Footer\, And Post Injections.

Vulnerability Description

The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP Code in multisite environments.

CVSS Score

4.1

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Satollo	Head\, Footer\, And Post Injections	< 3.3.1

Related Weaknesses (CWE)

CWE-94

References

https://plugins.trac.wordpress.org/changeset/3244016/Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/5177bde6-4922-48ee-915Third Party Advisory

FAQ

What is CVE-2024-13900?

CVE-2024-13900 is a vulnerability with a CVSS score of 4.1 (MEDIUM). The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Admi...

How severe is CVE-2024-13900?

CVE-2024-13900 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-13900?

Check the references section above for vendor advisories and patch information. Affected products include: Satollo Head\, Footer\, And Post Injections.