Description

The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page.

PUBLISHED Reserved 2024-07-16 | Published 2024-09-06 | Updated 2024-09-06 | Assigner WPScan

Problem types

CWE-79 Cross-Site Scripting (XSS)

Product status

Default status: unaffected

4.7.1 (semver) before 4.7.2.1: affected

Credits

stealthcopter (finder)

WPScan (coordinator)

References

wpscan.com/...rability/3c470edd-4b9b-461e-839f-f3a87f0060aa/ exploit vdb-entry technical-description

cve.org (CVE-2024-6792)

nvd.nist.gov (CVE-2024-6792)