CVE-2024-5883

The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVSS

No CVSS.

References

Link	Resource
https://wpscan.com/vulnerability/a1894884-c739-4ef4-8d9c-392171ab3d68/

Configurations

No configuration.

History

29 Jul 2024, 14:12

Type	Values Removed	Values Added
Summary		(es) El complemento de WordPress Ultimate Classified Listings anterior a 1.3 no sanitiza ni escapa un parámetro antes de devolverlo a la página, lo que genera Cross Site Scripting reflejado que podría usarse contra usuarios con altos privilegios, como el administrador.

29 Jul 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-29 06:15

Updated : 2024-07-29 14:12

NVD link : CVE-2024-5883

Mitre link : CVE-2024-5883

CVE.ORG link : CVE-2024-5883

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-5883

Attach tags to `CVE-2024-5883`