Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-13390
CVE-2024-13390:
WordPress vulnerability analysis and mitigation
Overview
The ADFO – Custom data in admin dashboard WordPress plugin version 1.9.1 and below contains a Stored Cross-Site Scripting vulnerability. The vulnerability was discovered by researcher SOPROBRO and was publicly disclosed on February 18, 2025. The plugin has been temporarily closed pending a full review as of the disclosure date (Wordfence Intel, WordPress Plugin).
Technical details
The vulnerability has been assigned a CVSS score of 6.4 (Medium severity). It affects authenticated users with contributor-level access or higher, allowing them to perform stored cross-site scripting attacks (Wordfence Intel).
Impact
The vulnerability could allow authenticated attackers to inject malicious scripts that would execute in the context of other users' browsers when they access the affected admin dashboard pages (Wordfence Intel).
Mitigation and workarounds
The plugin has been temporarily closed and is not available for download pending a security review. Users are advised to disable and remove the plugin until a patched version is released (WordPress Plugin).
Additional resources
Source: This report was generated using AI
Related WordPress vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management