Get Started

WordPress: Stored XSS Vulnerability in wp-publications Plugin

by the Hossted team
30.12.2024

In wp-publications WordPress plugin versions 1.2 and prior a low severity vulnerability CVE-2024-11605 was detected. This vulnerability allows high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks by exploiting unescaped filenames, even when the unfiltered_html capability is disallowed (e.g., in a multisite setup). No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11605.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise Solutions CMS WOR