CVE-2024-2846

🗓️ 09 May 2024 20:03:36Reported by WordfenceType

The Visual Footer Credit Remover WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping

Reporter	Title	Published	Views	Family All 11
CNNVD	WordPress plugin Visual Footer Credit Remover 安全漏洞	14 May 202400:00	–	cnnvd
Cvelist	CVE-2024-2846 Visual Footer Credit Remover <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting	9 May 202420:03	–	cvelist
EUVD	EUVD-2024-27790	3 Oct 202520:07	–	euvd
NVD	CVE-2024-2846	14 May 202415:21	–	nvd
Patchstack	WordPress Visual Footer Credit Remover plugin <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability	8 May 202402:17	–	patchstack
Patchstack	WordPress Visual Footer Credit Remover Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)	8 May 202400:00	–	patchstack
Positive Technologies	PT-2024-22444 · WordPress · Visual Footer Credit Remover	9 May 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-2846	7 Jan 202609:12	–	redhatcve
Vulnrichment	CVE-2024-2846 Visual Footer Credit Remover <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting	9 May 202420:03	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)	16 May 202413:04	–	wordfence

Vulners

Node

upwerd visual_footer_credit_removerRange≤1.2wordpress

[
  {
    "vendor": "upwerd",
    "product": "Visual Footer Credit Remover",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/9fcb65a0-4218-4728-9c29-0d1a03f438a6
plugins	www.plugins.trac.wordpress.org/changeset

15 Apr 2026 00:35Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.14.4

EPSS0.00442

SSVC

CWE-79