CVE-2024-29138 - Vulnerability Details

CVE-2024-29138 - WordPress Restrict User Access plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joachim Jensen Restrict User Access – Membership Plugin with Force restrict-user-access.This issue affects Restrict User Access – Membership Plugin with Force: from n/a through <= 2.5.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.03758.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Dev.institute	Restrict User Access

Configuration 1 [-]

cpe:2.3:a:dev.institute:restrict_user_access:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/Wordpress/Plugin/restrict-user-access/vulnerability/wordpress-restrict-user-access-plugin-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/restrict-user-access/wordpress-restrict-user-access-plugin-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

History

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DEV Institute Restrict User Access – Membership Plugin with Force allows Reflected XSS.This issue affects Restrict User Access – Membership Plugin with Force: from n/a through 2.5.	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joachim Jensen Restrict User Access – Membership Plugin with Force restrict-user-access.This issue affects Restrict User Access – Membership Plugin with Force: from n/a through <= 2.5.
References		https://patchstack.com/database/Wordpress/Plugin/restrict-user-access/vulnerability/wordpress-restrict-user-access-plugin-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Metrics	cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}`

Tue, 25 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dev.institute Dev.institute restrict User Access
CPEs		cpe:2.3:a:dev.institute:restrict_user_access::::::wordpress::*
Vendors & Products		Dev.institute Dev.institute restrict User Access

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-03-19T13:40:40.339Z

Updated: 2026-04-01T15:33:47.580Z

Reserved: 2024-03-17T16:33:56.362Z

Link: CVE-2024-29138

Vulnrichment

Updated: 2024-08-02T01:10:53.809Z

NVD

Status : Modified

Published: 2024-03-19T14:15:09.487

Modified: 2026-04-01T16:16:52.380

Link: CVE-2024-29138

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object