CVE-2024-10577

6.1 MEDIUM
Published: November 13, 2024 Modified: April 15, 2026
View on NVD

Description

The ่ƒ–้ผ ้‡‡้›†(Fat Rat Collect) ๅพฎไฟก็ŸฅไนŽ็ฎ€ไนฆ่…พ่ฎฏๆ–ฐ้—ปๅˆ—่กจๅˆ†้กต้‡‡้›†, ่ฟ˜ๆœ‰่‡ชๅŠจ้‡‡้›†ใ€่‡ชๅŠจๅ‘ๅธƒใ€่‡ชๅŠจๆ ‡็ญพใ€็ญ‰ๅคš้กนๅŠŸ่ƒฝใ€‚ๅผ€ๆบๆ’ไปถ plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to missing escaping on a URL in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3191188%40fat-rat-collect%2Ftrunk&old=3119807%40fat-rat-collect%2Ftrunk&sfp_email=&sfph_mail=
Source: security@wordfence.com
https://wordpress.org/plugins/fat-rat-collect/
Source: security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/664d265b-7b35-4c61-b48b-d051b7fb5ebd?source=cve
Source: security@wordfence.com

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
6.1 / 10.0
EPSS (Exploit Probability)
1.6%
82th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-79

Related CVEs

CVE-2026-41242 N/A
CVE-2026-40948 N/A
CVE-2026-2986 6.4
CVE-2026-2505 5.4
CVE-2026-0894 6.4