Lucene search
WpvulndbWPVDB-ID:A5DB279D-3DB1-4DA1-B78E-9D6DA4B43C29HistoryFeb 02, 2024 - 12:00 a.m.
Auto Listings < 2.6.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
2024-02-0200:00:00
wpscan.com
7
wordpress
vulnerability
stored xss
input sanitization
output escaping
contributor+.
Description The Auto Listings – Car Listings & Car Dealership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Related
vulnrichment
vulnrichment
cve
cve
CVE-2024-24713
2024-02-10 08:15:07
prion
prion
Cross site scripting
2024-02-10 08:15:00
nvd
nvd
CVE-2024-24713
2024-02-10 08:15:07
cvelist
cvelist
wordfence
wordfence
AI Score
5.5
Confidence
High
EPSS
0
Percentile
14.0%
Related for WPVDB-ID:A5DB279D-3DB1-4DA1-B78E-9D6DA4B43C29