CVE-2024-6792 WP ULike < 4.7.2.1 - Subscriber+ Stored-XSS

2024-09-0606:00:02

WPScan

www.cve.org

cve-2024-6792

wp ulike

wordpress plugin

stored-xss

EPSS

Percentile

9.5%

JSON

The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP ULike",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "4.7.1",
        "lessThan": "4.7.2.1"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/3c470edd-4b9b-461e-839f-f3a87f0060aa/

EPSS

Percentile

9.5%

JSON

Related for CVELIST:CVE-2024-6792