CVE-2024-9647

🗓️ 16 Oct 2024 02:05:08Reported by WordfenceType

The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST values in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages if they can trick a user into performing an action

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-9647	16 Oct 202405:29	–	circl
CNNVD	WordPress plugin Kama SpamBlock 跨站脚本漏洞	15 Oct 202400:00	–	cnnvd
Cvelist	CVE-2024-9647 Kama SpamBlock <= 1.8.2 - Reflected Cross-Site Scripting	16 Oct 202402:05	–	cvelist
EUVD	EUVD-2024-50072	3 Oct 202520:07	–	euvd
NVD	CVE-2024-9647	16 Oct 202402:15	–	nvd
Patchstack	WordPress Kama SpamBlock plugin <= 1.8.2 - Reflected Cross-Site Scripting vulnerability	15 Oct 202413:19	–	patchstack
Patchstack	WordPress Kama SpamBlock Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)	15 Oct 202400:00	–	patchstack
Positive Technologies	PT-2024-39736 · WordPress · Kama Spamblock	15 Oct 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-9647	23 May 202508:14	–	redhatcve
Vulnrichment	CVE-2024-9647 Kama SpamBlock <= 1.8.2 - Reflected Cross-Site Scripting	16 Oct 202402:05	–	vulnrichment

Vulners

Node

tkama kama_spamblockRange≤1.8.2wordpress

[
  {
    "vendor": "tkama",
    "product": "Kama SpamBlock",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.8.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3167874/kama-spamblock/tags/1.8.3/Kama_Spamblock.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/7f2d3acb-5931-4629-8f03-4ab40fadf7c7
plugins	www.plugins.trac.wordpress.org/browser/kama-spamblock/tags/1.8.2/Kama_Spamblock.php

15 Apr 2026 00:35Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.16.1

EPSS0.01829

SSVC

CWE-79