
Cloud Vulnerability DB
A community-led vulnerabilities database
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WordPress Post Type Builder (PTB) plugin, identified as CVE-2024-31365. The vulnerability affects versions before 2.1.1 of the Post Type Builder plugin and was disclosed on April 9, 2024. The issue stems from improper neutralization of input during web page generation (Patchstack Database).
The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High), with the following vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) (Patchstack Database).
The vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site, potentially compromising the security of both the website and its users (Patchstack Database).
Users are advised to update to version 2.1.1 or later of the Post Type Builder plugin to resolve the vulnerability. For users of Patchstack, a virtual patch has been issued to mitigate this issue by blocking potential attacks until the update can be applied (Patchstack Database).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."