Wp Custom Admin Interface
Monthly
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the Northern Beaches Websites WP Custom Admin Interface WordPress plugin through version 7.42, allowing attackers to inject and execute arbitrary JavaScript code in users' browsers. This vulnerability affects all installations of the plugin up to and including version 7.42, enabling attackers to steal session cookies, perform unauthorized actions on behalf of authenticated administrators, or redirect users to malicious sites. While no CVSS score or EPSS probability has been published, the DOM-based XSS classification (CWE-79) combined with the plugin's administrative scope indicates a high-severity risk requiring immediate patching.
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the Northern Beaches Websites WP Custom Admin Interface WordPress plugin through version 7.42, allowing attackers to inject and execute arbitrary JavaScript code in users' browsers. This vulnerability affects all installations of the plugin up to and including version 7.42, enabling attackers to steal session cookies, perform unauthorized actions on behalf of authenticated administrators, or redirect users to malicious sites. While no CVSS score or EPSS probability has been published, the DOM-based XSS classification (CWE-79) combined with the plugin's administrative scope indicates a high-severity risk requiring immediate patching.