CVE-2024-6529

HIGH

CVSS v3

7.1

HIGH

EPSS Score

52.4%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Technical Details

Published
8/1/2024

Frequently Asked Questions

What is CVE-2024-6529?

The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Is CVE-2024-6529 actively exploited?

Active exploitation of CVE-2024-6529 has not been confirmed. The EPSS score is 52.4%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-6529?

CVE-2024-6529 has a CVSS v3 base score of 7.1 (HIGH severity).

Is CVE-2024-6529 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.