Garden Gnome Package
Monthly
DOM-based cross-site scripting (XSS) in Chief Gnome Garden Gnome Package through version 2.4.1 allows authenticated high-privilege users to inject malicious scripts via improper input neutralization during web page generation. An attacker with administrative credentials can craft requests that execute arbitrary JavaScript in the browsers of other users when they view affected pages. The vulnerability requires user interaction (UI:R) and high-privilege authentication (PR:H), significantly limiting real-world exploitation scope. EPSS exploitation probability is minimal at 0.03% (8th percentile), and no public exploit code has been identified.
The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ggpkg' shortcode in all versions up to, and including, 2.2.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
DOM-based cross-site scripting (XSS) in Chief Gnome Garden Gnome Package through version 2.4.1 allows authenticated high-privilege users to inject malicious scripts via improper input neutralization during web page generation. An attacker with administrative credentials can craft requests that execute arbitrary JavaScript in the browsers of other users when they view affected pages. The vulnerability requires user interaction (UI:R) and high-privilege authentication (PR:H), significantly limiting real-world exploitation scope. EPSS exploitation probability is minimal at 0.03% (8th percentile), and no public exploit code has been identified.
The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ggpkg' shortcode in all versions up to, and including, 2.2.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.