CVE-2024-9182

Description

The Maspik WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

PUBLISHED Reserved 2024-09-25 | Published 2025-05-15 | Updated 2025-05-17 | Assigner WPScan

Problem types

CWE-79 Cross-Site Scripting (XSS)

Product status

Credits

Krugov Artyom finder

WPScan coordinator

References

wpscan.com/...rability/40007323-d684-430d-a882-8b4dfb76172b/ exploit vdb-entry technical-description

cve.org (CVE-2024-9182)

nvd.nist.gov (CVE-2024-9182)

Download JSON