The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks.
Metrics
Affected Vendors & Products
References
History
Wed, 14 May 2025 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wpmarka
Wpmarka wordpress Auction |
|
CPEs | cpe:2.3:a:wpmarka:wordpress_auction:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Wpmarka
Wpmarka wordpress Auction |
Tue, 07 Jan 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Tue, 07 Jan 2025 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks. | |
Title | WordPress Auction <= 3.7 - Editor+ Stored XSS | |
References |
|

Status: PUBLISHED
Assigner: WPScan
Published: 2025-01-07T06:00:05.825Z
Updated: 2025-01-07T15:17:33.768Z
Reserved: 2024-09-13T19:46:12.213Z
Link: CVE-2024-8857

Updated: 2025-01-07T15:17:26.016Z

Status : Analyzed
Published: 2025-01-07T06:15:18.100
Modified: 2025-05-14T13:39:12.877
Link: CVE-2024-8857

No data.