CVE-2024-9267

🗓️ 01 Oct 2024 07:30:15Reported by WordfenceType

The Easy WordPress Subscribe – Optin Hound plugin is vulnerable to Reflected Cross-Site Scriptin

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-9267	1 Oct 202411:03	–	circl
CNNVD	WordPress plugin Easy WordPress Subscribe 跨站脚本漏洞	1 Oct 202400:00	–	cnnvd
Cvelist	CVE-2024-9267 Easy WordPress Subscribe – Optin Hound <= 1.4.3 - Reflected Cross-Site Scripting via add_query_arg Parameter	1 Oct 202407:30	–	cvelist
EUVD	EUVD-2024-50303	3 Oct 202520:07	–	euvd
NVD	CVE-2024-9267	1 Oct 202408:15	–	nvd
Patchstack	WordPress Optin Hound Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS)	1 Oct 202400:00	–	patchstack
Patchstack	WordPress Optin Hound plugin <= 1.4.3 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability	1 Oct 202403:47	–	patchstack
Positive Technologies	PT-2024-39525 · WordPress · Easy Wordpress Subscribe – Optin Hound	1 Oct 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-9267	23 May 202510:37	–	redhatcve
Vulnrichment	CVE-2024-9267 Easy WordPress Subscribe – Optin Hound <= 1.4.3 - Reflected Cross-Site Scripting via add_query_arg Parameter	1 Oct 202407:30	–	vulnrichment

Vulners

Node

optinhound easy_wordpress_subscribe_optin_houndRange≤1.4.3wordpress

[
  {
    "vendor": "optinhound",
    "product": "Easy WordPress Subscribe – Optin Hound",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.4.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/opt-in-hound/trunk/includes/subscribers/views/view-submenu-page-subscribers.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/b91ec428-8444-4304-8901-4bc3ef146e3e
wordpress	www.wordpress.org/plugins/opt-in-hound/

15 Apr 2026 00:35Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.16.1

EPSS0.01422

SSVC

CWE-79