Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

CVE-2024-13624

HIGH

Published 2025-02-26T06:00:08.816Z

Actions:

CVSS Score

V3.1

7.1

/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Base Score Metrics

Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Impact Metrics

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Description

The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Available Exploits

WordPress WPMovieLibrary Plugin <= 2.1.4.8 - Cross-Site Scripting

The WPMovieLibrary WordPress plugin through version 2.1.4.8 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'order' parameter in the import page before outputting it back, which could allow attackers to execute arbitrary JavaScript code in an administrator's browser context.

ID: CVE-2024-13624

Author: ritikchaddha High

References:

Related News

No news articles found for this CVE.

Affected Products

Unknown

WPMovieLibrary

Affected Versions:

References

https://wpscan.com/vulnerability/c19b56cc-634f-420f-b6a0-9a10ad159049/

Published: 2025-02-26T06:00:08.816Z

Last Modified: 2025-02-26T15:45:44.910Z

Copied to clipboard!