CVE-2024-5728

🗓️ 28 Jun 2024 06:00:04Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 45 Views🌐 WEB

CVE-2024-5728 Animated AL List WordPress plugin XS

Reporter	Title	Published	Views	Family All 11
Cvelist	CVE-2024-5728 Animated AL List <= 1.0.6 - Reflected XSS	28 Jun 202406:00	–	cvelist
NVD	CVE-2024-5728	28 Jun 202406:15	–	nvd
OSV	CVE-2024-5728	28 Jun 202406:15	–	osv
Patchstack	WordPress Animated AL List plugin <= 1.0.6 - Reflected XSS vulnerability	1 Jul 202403:44	–	patchstack
Patchstack	WordPress Animated AL List Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)	1 Jul 202400:00	–	patchstack
Positive Technologies	PT-2024-37104 · WordPress · Animated Al List Wordpress Plugin	28 Jun 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-5728	23 May 202509:29	–	redhatcve
Vulnrichment	CVE-2024-5728 Animated AL List <= 1.0.6 - Reflected XSS	28 Jun 202406:00	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)	13 Jun 202415:35	–	wordfence
wpexploit	Animated AL List <= 1.0.6 - Reflected XSS	7 Jun 202400:00	–	wpexploit

NVD

Vulners

Vulnrichment

Node

alexdtn animated_al_listRange≤1.0.6wordpress

[
  {
    "vendor": "Unknown",
    "product": "Animated AL List",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.0.6"
      }
    ],
    "defaultStatus": "affected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/287c4e8c-9092-4cb9-9642-e4f3d10f46fa/

Parameter	Position	Path	Description	CWE
pid	query param	/wp-admin/admin.php?page=animated_al_show&active=0&pid="><script>alert(3)</script>	Reflected Cross-Site Scripting via unsanitized parameter output	CWE-79

19 May 2025 20:48Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.4

EPSS0.00244

SSVC

CWE-79