Lucene search

[email protected]NVD:CVE-2024-24713

HistoryFeb 10, 2024 - 8:15 a.m.

CVE-2024-24713

2024-02-1008:15:07

CWE-79

[email protected]

web.nvd.nist.gov

web page generation

cross-site scripting

vulnerability

wordpress

stored xss

auto listings plugin

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

14.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Auto Listings Auto Listings – Car Listings & Car Dealership Plugin for WordPress allows Stored XSS.This issue affects Auto Listings – Car Listings & Car Dealership Plugin for WordPress: from n/a through 2.6.5.

Affected configurations

Nvd

Node

wpautolistingsauto_listingsRange<2.6.6wordpress

VendorProductVersionCPE
wpautolistingsauto_listings*cpe:2.3:a:wpautolistings:auto_listings:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wpautolistings	auto_listings	*	cpe:2.3:a:wpautolistings:auto_listings::::::wordpress::*

References

patchstack.com/database/vulnerability/auto-listings/wordpress-auto-listings-plugin-2-6-5-cross-site-scripting-xss-vulnerability?_s_id=cve