AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-5789: The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the them

mediumvulnerability

security

Source: NVD/CVE DatabaseSeptember 13, 2024CVE-2024-5789

Summary

The Triton Lite WordPress theme has a stored cross-site scripting vulnerability (XSS, where attackers inject malicious scripts that run when others view a page) in its Button shortcode's 'url' attribute, affecting all versions up to 1.3. Users with Contributor-level access or higher can inject arbitrary scripts that execute whenever someone visits an affected page due to insufficient input sanitization (cleaning of user input) and output escaping (converting special characters to prevent code execution).

Vulnerability Details

CVSS Score

6.4(medium)

EPSS (30-day exploit probability)

EPSS: 0.3%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-79

CAPEC (Attack Pattern)

CAPEC-198 CAPEC-86

Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-5789

First tracked: February 15, 2026 at 08:45 PM

Classified by LLM (prompt v3) · confidence: 95%