{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T18:21:59.628","vulnerabilities":[{"cve":{"id":"CVE-2024-55864","sourceIdentifier":"vultures@jpcert.or.jp","published":"2024-12-17T05:15:09.937","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page."},{"lang":"es","value":"Existe una vulnerabilidad de Cross-Site Scripting en las versiones de My WP Customize Admin/Frontend anteriores a la 1.24.1. Si un usuario administrativo malintencionado personaliza la página administrativa con algún contenido malintencionado, se puede ejecutar una secuencia de comandos arbitraria en el navegador web de los demás usuarios que acceden a la página."}],"metrics":{"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://jvn.jp/en/vu/JVNVU90748215/","source":"vultures@jpcert.or.jp"},{"url":"https://mywpcustomize.com/update-history-my-wp-customize-admin-frontend-1-24-1/","source":"vultures@jpcert.or.jp"},{"url":"https://wordpress.org/plugins/my-wp/#developers","source":"vultures@jpcert.or.jp"}]}}]}