Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-13362— Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter

CVSS 6.1 · Medium EPSS 0.12% · P30
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-13362

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress多款产品 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress多款产品存在跨站脚本漏洞,该漏洞源于输入清理和输出转义不足,可能导致反射型跨站脚本攻击。以下产品受到影响:WordPress plugin AI Bud、WordPress plugin AEH Speed Optimization
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
sebetGo Fetch Jobs (for WP Job Manager) 0 ~ 1.8.4.8.1 -
5starpluginsDynamic Copyright Year 0 ~ 1.0.4 -
peterschulznlCode Manager 0 ~ 1.0.40 -
bpluginsAdvanced Scrollbar – Custom Scrollbar Styling and Behavior 0 ~ 1.1.3 -
yuvaloGoal Tracker – Custom Event Tracking for GA4 0 ~ 1.1.5 -
essekiaTablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent 0 ~ 1.1.13 -
josevegaWP Page Templates 0 ~ 1.1.16 -
hkdigitalagencyPayment Gateway for ACBA BANK 0 ~ 1.2.6 -
princeahmedDracula Dark Mode – Accessibility, Reading Mode & Dark Mode for WordPress 0 ~ 1.2.7 -
spiderdevsForumax – AI Powered Advanced Community Forum Plugin 0 ~ 1.2.7 -
seezeeFive-Star Ratings Shortcode 0 ~ 1.2.56 -
oxilabProduct Layouts for WooCommerce 0 ~ 1.3.1 -
mr2pMeta Field Block – Display custom fields in the Block Editor without coding 0 ~ 1.3.3 -
themelocationCustom WooCommerce Checkout Fields Editor 0 ~ 1.3.4 -
100pluginsOpen User Map 0 ~ 1.4.0 -
wpdeverWP Notification Bell 0 ~ 1.4.2 -
themelocationRemove Add to Cart WooCommerce 0 ~ 1.4.7 -
princeahmedFile Manager for Google Drive – Integrate Google Drive 0 ~ 1.4.9 -
5starpluginsMarijuana Age Verify 0 ~ 1.5.5 -
infosatechRevivePress – Keep your Old Content Evergreen 0 ~ 1.5.8 -
nicheaddonsRestaurant & Cafe Addon for Elementor 0 ~ 1.5.8 -
paretodigitalSend Users Email – Email Subscribers, Email Marketing Newsletter 0 ~ 1.5.10 -
unitecmsUnlimited Elements For Elementor 0 ~ 1.5.140 -
meowcrewRole Based Pricing for Woo by Meow Crew 0 ~ 1.6.0 -
nicheaddonsPrimary Addon for Elementor 0 ~ 1.6.0 -
5starpluginsFeatured Images in RSS for Mailchimp & More 0 ~ 1.6.3 -
wpsaadImage Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI 0 ~ 1.6.3 -
kofimokomeMessage Filter for Contact Form 7 0 ~ 1.6.3.2 -
paretodigitalEmbedder for Google Reviews 0 ~ 1.6.6 -
interactivegeomapsMapGeo – Interactive Geo Maps 0 ~ 1.6.22 -
wpbitsWPBITS Addons For Elementor Page Builder 0 ~ 1.7 -
toddhalfpennyWidgets on Pages 0 ~ 1.7 -
rebelcodeSpotlight Social Feeds – Block, Shortcode, and Widget 0 ~ 1.7.0 -
tobias_conradWOW Styler for CF7 – Visual Styler for Contact Form 7 Forms 0 ~ 1.7.0 -
webfactoryAI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GPT-4o 0 ~ 1.7.2 -
hasanazizulText To Speech TTS Accessibility 0 ~ 1.7.34 -
5starpluginsEasy Age Verify 0 ~ 1.8.5 -
senolsAI Puffer – Chat. Create. Automate. (formerly AI Power) 0 ~ 1.8.99 -
damian-goraJustified Gallery 0 ~ 1.9.0 -
mapsterMapster WP Maps 0 ~ 1.9.0 -
streamweaselsStreamWeasels Twitch Integration 0 ~ 1.9.2 -
xplodedthemesXT Variation Swatches for WooCommerce 0 ~ 1.9.4 -
bpluginsbBlocks – Essential Gutenberg Blocks & Patterns Collection 0 ~ 1.9.8 -
kaizencodersURL Shortify – Simple and Easy URL Shortener 0 ~ 1.10.4 -
uriahs-victorKikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce 0 ~ 1.10.6 -
cyberhoboGeo Mashup 0 ~ 1.13.15 -
josevegaDisable Payment Methods based on cart conditions for WooCommerce 0 ~ 1.16.3 -
pagupAutomatic Internal Links for SEO by Pagup 0 ~ 2.0.0 -
enwebyFull Screen Background 0 ~ 2.0.2 -
litonice13Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits 0 ~ 2.0.7.2 -
princeahmedRadio Player – Live Shoutcast, Icecast and Any Audio Stream Player 0 ~ 2.0.82 -
spicethemesCarousel, Recent Post Slider and Banner Slider 0 ~ 2.1 -
pagupBulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) 0 ~ 2.1.0 -
xplodedthemesXT Quick View for WooCommerce 0 ~ 2.1.5 -
pluginscafeSmart phone field for Gravity Forms 0 ~ 2.1.6 -
foopluginsNotification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar 0 ~ 2.1.34 -
bpluginsPDF Poster – Display PDF Files with Custom Viewer 0 ~ 2.2.0 -
nicheaddonsEvents Addon for Elementor 0 ~ 2.2.2 -
bpluginsHTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player 0 ~ 2.2.27 -
mte90Glossary 0 ~ 2.2.38 -
tickeraRestrict – membership, site, content and user access restrictions for WordPress 0 ~ 2.3.0 -
cyclonecodeCustom PHP Settings 0 ~ 2.3.1 -
prasadkirpekarWP Meta and Date Remover 0 ~ 2.3.4 -
fullworksAnti-Spam Protection – No API Key, GDPR Friendly 0 ~ 2.3.7 -
premmercePremmerce Permalink Manager for WooCommerce 0 ~ 2.3.11 -
smartwpressMusic Player for Elementor – Audio Player & Podcast Player 0 ~ 2.4.1 -
mhmrajibTopNewsWp – Display Tikcer News, RSS Feed Widget and Many More 0 ~ 2.4.1 -
oceanwpOcean Extra 0 ~ 2.4.2 -
foopluginsGallery by FooGallery 0 ~ 2.4.27 -
plugins360Automatic YouTube Gallery 0 ~ 2.5.5 -
spiderdevsEazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder 0 ~ 2.5.7 -
samdaniTeam Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More 0 ~ 2.5.8 -
tonyzeoliRadio Station by netmix® – Manage and play your Show Schedule in WordPress! 0 ~ 2.5.9 -
kairaStoreCustomizer – A plugin to Customize all WooCommerce Pages 0 ~ 2.5.9 -
wpjoliJoli Table Of Contents 0 ~ 2.6.0 -
passionatebrainsGA4WP – Analytics Dashboard for the Website 0 ~ 2.6.0 -
nitin247Place Order Without Payment for WooCommerce 0 ~ 2.6.5 -
wordplusBetter Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages 0 ~ 2.6.7 -
mihail-barinovShare This Image 0 ~ 2.07 -
inaviiInavii Social Feed 0 ~ 2.7.0 -
foopluginsLightbox & Modal Popup WordPress Plugin – FooBox 0 ~ 2.7.33 -
xplodedthemesXT Floating Cart for WooCommerce 0 ~ 2.8.4 -
takanakuiWP Mobile Menu – The Mobile-Friendly Responsive Menu 0 ~ 2.8.6 -
passionatebrainsAEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization 0 ~ 2.9.2 -
bensibleyIndependent Analytics 0 ~ 2.9.7 -
codesavoryKnowledge Base documentation & wiki plugin – BasePress Docs 0 ~ 2.16.3.3 -
davidandersonInternal Link Juicer: SEO Auto Linker for WordPress 0 ~ 2.24.6 -
josevegaBulk Edit Posts and Products in Spreadsheet 0 ~ 2.25.16 -
saadiqbalPost SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App 0 ~ 3.0.0 -
tobiasbgTablePress – Tables in WordPress made easy 0 ~ 3.0.2 -
bouncingsproutUltimeter 0 ~ 3.0.5 -
blackandwhitedigitalTreePress – Easy Family Trees & Ancestor Profiles 0 ~ 3.0.6 -
mattpramschuferPay For Post with WooCommerce 0 ~ 3.1.26 -
koen12344Post to Google My Business (Google Business Profile) 0 ~ 3.1.28 -
imtiazrayhanWP Coupons and Deals – Coupon Plugin For Affiliate Marketers 0 ~ 3.2.2 -
pluginswareAdvanced Classifieds & Directory Pro 0 ~ 3.2.4 -
gallerycreatorMixed Media Gallery Blocks 0 ~ 3.2.4.4 -
blockspareBlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor 0 ~ 3.2.6 -
mhmrajibAidWP – Donation & Payment Forms (Stripe Powered) 0 ~ 3.2.6 -
infornwebLogo Showcase – Responsive Logo Carousel, Logo Slider & Logo Grid 0 ~ 3.2.7 -
pluginandplayPost Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider 0 ~ 3.2.7 -
samdaniSolid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews 0 ~ 3.2.8 -
wpspeedoTeam Members Showcase 0 ~ 3.3.0 -
elespareEleSpare – News, Magazine and Blog Addons for Elementor 0 ~ 3.3.2 -
infornwebPost List Designer – Category Post, Recent Post, Post List 0 ~ 3.3.7 -
infornwebBlog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News 0 ~ 3.4.9 -
dashlabsltdYASR – Yet Another Star Rating Plugin for WordPress 0 ~ 3.4.12 -
xplodedthemesWPIDE – File Manager & Code Editor 0 ~ 3.5.1 -
premmercePremmerce Product Filter for WooCommerce 0 ~ 3.7.3 -
afthemesWP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars 0 ~ 3.8.3 -
wpmagicsDelete Posts automatically 0 ~ 3.9.6 -
takanakuiMenu Image, Icons made easy 0 ~ 3.12 -
passionatebrainsAWCA – The Great Analytics Insights for Your eStore 0 ~ 3.12.0 -
mikewire_rocksolidAnnouncement & Notification Banner – Bulletin 0 ~ 3.12.1 -
nitin247Thank You Page for WooCommerce 0 ~ 4.2.0 -
webheadllcContact Form 7 Multi-Step Forms 0 ~ 4.4.1 -
speedifyAuto-Install Free SSL – Generate & Install Free SSL Certificates 0 ~ 4.5.0 -
mhmrajibWP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes 0 ~ 4.6.8 -
webba-agencyEasy Appointment Booking & Scheduling System – Webba Booking Calendar 0 ~ 5.0.57 -
invisnetWP fail2ban – Advanced Security 0 ~ 5.3.4 -
vinod-dalviIvory Search – WordPress Search Plugin 0 ~ 5.5.8 -
peterschulznlWP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards 0 ~ 5.5.31 -
elliotvsCoupon Affiliates – Affiliate Plugin for WooCommerce 0 ~ 5.17.2 -
cleverpluginsSecurity Ninja – WordPress Security & Firewall 0 ~ 5.222 -
theafricanbossCheckout with Cash App on WooCommerce 0 ~ 6.0.2 -
fullworksDisplay Eventbrite Events 0 ~ 6.1.10 -
mohsinofflineSecure Gateway for Authorize.net and WooCommerce by Pledged Plugins 0 ~ 6.1.13 -
sjavedEasy Social Feed – Social Photos Gallery and Post Feed for WordPress 0 ~ 6.6.5 -
gn_themesWP Shortcodes Plugin — Shortcodes Ultimate 0 ~ 7.3.3 -
gowebsmartyWP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan 0 ~ 7.7.0 -
tripettoWordPress form builder plugin for contact forms, surveys and quizzes – Tripetto 0 ~ 8.0.7 -

II. Public POCs for CVE-2024-13362

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-13362

登录查看更多情报信息。

IV. Related Vulnerabilities

Same weakness: CWE-79

V. Comments for CVE-2024-13362

No comments yet

Leave a comment