Dino Game WordPress Plugin (DC-2024-11388) – Critical Stored XSS

2024-11-26

Vulnerability

The Dino Game – Embed Google Chrome Dinosaur Game WordPress plugin is vulnerable to Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping. This allows attackers with contributor-level access and above to inject malicious scripts into pages using the plugin’s “dino-game” shortcode. These scripts can then execute whenever a user visits the affected page.

Vulnerability Details

Platform: WordPress
Version: Dino Game – Embed Google Chrome Dinosaur Game plugin versions up to 1.1.0
Vulnerability: Stored Cross-Site Scripting (XSS)
Severity: Critical
Date: November 21, 2024 (NVD Published Date)

What Undercode Says:

This vulnerability is critical because it allows attackers to inject malicious scripts into your WordPress website. These scripts could be used to steal user data, redirect users to malicious websites, or deface your website. If you are using the Dino Game plugin, it is important to update to version 1.1.1 or later as soon as possible.

Analytics:

This vulnerability affects the Dino Game WordPress plugin, a popular plugin for embedding the Chrome Dino game into WordPress websites.
Attackers with contributor-level access or higher can exploit this vulnerability.
The vulnerability allows attackers to inject malicious scripts into website pages using the plugin’s shortcode.
These scripts can steal user data, redirect users, or deface the website.
The severity of this vulnerability is critical due to the potential impact on website security and user data.
Upgrading to the latest version of the plugin (1.1.1 or later) is recommended to mitigate this risk.
WordPress website owners should be aware of this vulnerability and take steps to patch their installations.
Regularly updating plugins and themes is essential for maintaining WordPress website security.
Implementing strong access controls can help to prevent unauthorized users from exploiting vulnerabilities.
By following these security best practices, website owners can help to protect their websites and their users from harm.
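
An audit that follows from the points above, as an added example that is not the plugin's or the advisory's own code: it scans stored post content for "dino-game" shortcodes whose attribute values contain markup characters or script-bearing patterns, so those posts can be reviewed alongside the upgrade to 1.1.1. The attribute names and sample rows are constructed assumptions; the advisory does not name the affected attribute.

```python
import html
import re

# Opening [dino-game ...] tag; WordPress shortcode attributes cannot contain "]".
SHORTCODE_RE = re.compile(r"\[dino-game(?![\w-])([^\]]*)\]", re.IGNORECASE)
# name="value", name='value' or name=value: the attribute forms WordPress parses.
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"']+))""")
# Markup characters and script-bearing patterns that a plain setting value never needs.
MARKUP_CHARS = set("<>\"'`")
SCRIPT_RE = re.compile(r"\bon\w+\s*=|javascript\s*:", re.IGNORECASE)


def review_reasons(value):
    """Return the reasons a decoded attribute value should be reviewed by a human."""
    reasons = []
    if MARKUP_CHARS & set(value):
        reasons.append("markup character")
    if SCRIPT_RE.search(value):
        reasons.append("script pattern")
    return reasons


def scan_posts(posts):
    """posts: iterable of (post_id, author, post_content). Returns a list of findings."""
    findings = []
    for post_id, author, content in posts:
        for tag in SHORTCODE_RE.finditer(content):
            for attr in ATTR_RE.finditer(tag.group(1)):
                raw = next(g for g in attr.groups()[1:] if g is not None)
                # Decode entities first so an encoded quote or bracket is still reported.
                value = html.unescape(raw)
                reasons = review_reasons(value)
                if reasons:
                    findings.append((post_id, author, attr.group(1), value, reasons))
    return findings


# Constructed sample rows (not from a real site); attribute names are assumptions.
SAMPLE_POSTS = [
    (101, "editor1", 'Play: [dino-game width="600" height="200"]'),
    (102, "contrib7", "Try it [dino-game width='600<i>x</i>']"),
    (103, "contrib7", '[dino-game height="200&quot; style=x"] and [dino-gamepad x="<"]'),
]

if __name__ == "__main__":
    for finding in scan_posts(SAMPLE_POSTS):
        print(finding)
```

On a live site, feed scan_posts rows exported from the posts table (ID, author, post_content) and review each finding by hand, since a flagged value is a reason to look, not proof of injection.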

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
