CVE-2024-54207 – WordPress Auction Plugin
Published : 2024-12-06
Title: WordPress WordPress Auction Plugin plugin <= 3.7 – Cross Site Scripting (XSS) vulnerability
Description
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows Stored XSS.This issue affects WordPress Auction Plugin: from n/a through 3.7.
CWE
CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CVSS
| Score | Severity | Version | Vector String |
| 5.9 | MEDIUM | 3.1 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L |
Vendor : n/a
Product: WordPress Auction Plugin
Vulnerable Versions: n/a through 3.7
Proof of Concept:
REDACTEDVulnerability found by: DFEND Security Researcher
References:
– https://patchstack.com/database/wordpress/plugin/wp-auctions/vulnerability/wordpress-wordpress-auction-plugin-plugin-3-7-cross-site-scripting-xss-vulnerability?_s_id=cve
– https://www.cve.org/CVERecord?id=CVE-2024-54207