Lucene search
+L

4 matches found

NVD
NVD
added 2025/02/20 10:15 a.m.19 views

CVE-2024-13748

The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS0.00212EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/20 9:21 a.m.8 views

CVE-2024-13748 Ultimate Classified Listings <= 1.4 Authenticated (Administrator+) Stored Cross-Site Scripting via Title Parameter

The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS4.4AI score0.00212EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/20 9:21 a.m.22 views

CVE-2024-13748 Ultimate Classified Listings <= 1.4 Authenticated (Administrator+) Stored Cross-Site Scripting via Title Parameter

The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00212EPSS
Exploits0References2
CVE
CVE
added 2025/02/20 9:21 a.m.51 views

CVE-2024-13748

CVE-2024-13748 — Ultimate Classified Listings for WordPress has a Stored XSS in the Title parameter on all versions up to 1.4. Exploitation requires administrator-level access and affects multisite or sites with unfiltered_html disabled. Wordfence reports the vulnerability as present and notes a ...

4.8CVSS4.4AI score0.00212EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder