CVE-2024-6529

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

7.1HIGH

EPSS

52.4%

top 2.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Ultimate Classified Listings Webcodingplace Ultimate Classified Listings

Timeline

PublishedAug 1

Description

The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.7

Affected Packages2 packages

▶CVEListV5unknown/ultimate_classified_listings< 1.4

▶NVDwebcodingplace/ultimate_classified_listings< 1.4

🔴Vulnerability Details

GHSA

GHSA-g4q4-8vjq-c7c8: The Ultimate Classified Listings WordPress plugin before 1↗2024-08-01

▶

CVEList

Ultimate Classified Listings < 1.4 - Reflected XSS↗2024-08-01

▶