4 matches found
CVE-2024-13347
The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...
CVE-2024-13347
creationtimestamp| type| source ---|---|--- 2025-02-03 06:15:38+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhavd4oufv2f 2025-02-03 09:27:14+00:00| seen| https://t.me/cvedetector/17056 2025-02-06 02:39:10+00:00| seen|...
CVE-2024-13347
CVE-2024-13347 affects the WordPress plugin “Essential WP Real Estate” up to version 1.1.3. The issue is a reflected Cross-Site Scripting (XSS) vulnerability caused by not escaping generated URLs before output in HTML attributes, enabling an attacker-controlled URL to inject scripts when user-pro...
CVE-2024-13347 Essential WP Real Estate <= 1.1.3 - Reflected XSS
The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...