From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Plugin Name: WP ULike < 4.7.2.1 - Subscriber+ Stored-XSS

2. Description: The plugin fails to properly sanitize user display names against XSS when rendering public pages.

3. Proof of Concept:
   - Enable visibility of likes on content.
   - Create a new post or page containing the likers box.
   - Create a user with Subscriber level permissions, whose display name includes a payload.
   - Have that user like the content.
   - Observe the execution of XSS JavaScript when any user accesses the page.

4. Affected Plugin: wp-ulike

5. References:
   - CVE: CVE-2024-6792

6. Classification:
   - Type: XSS
   - OWASP Top 10: A7: Cross-Site Scripting (XSS)
   - CWE: CWE-79

7. Additional Information:
   - Original Researcher: stealthcopter
   - Submitter: stealthcopter
   - Submitter Website: https://sec.stealthcopter.com
   - Submitter Twitter: stealthcopter
   - Verified: Yes
   - WPVDB ID: 3c470edd-4b9b-461e-839f-f3a87f0060aa
   - Publication Date: 2024-08-16
   - Added Date: 2024-08-16
   - Last Updated: 2024-08-16
   - Related Articles:
     - brafton WordPress Plugin <=3.4.7 - Reflected XSS
     - WP Media Category Management < 2.3.0 - Reflected Cross-Site Scripting
     - WordPress 4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds
     - Job Board by BestWebSoft < 1.0.1 - Admin+ Stored XSS
     - WP Go Maps (formerly WP Google Maps) < 9.0.33 - Contributor+ Stored Cross-Site Scripting via Shortcode

This information provides a detailed description of the vulnerability, its scope, and related articles, aiding in understanding the nature and impact of the vulnerability.
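
The flaw class in the description (display names written into a public page without output escaping) is shown next to its hardened form in the added example below, which is not WP ULike's own code. The `render_likers_*` and `flag_markup_names` functions and the sample names are hypothetical and constructed; `esc_html()` is the WordPress escaping function, with a stand-in defined so the file also runs outside WordPress.

```php
<?php
// Added example, not WP ULike's code. render_likers_*() and
// flag_markup_names() are hypothetical names.

// Outside WordPress, stand in for esc_html() so the file runs on its own.
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Before: the stored display name is concatenated into the page unchanged.
function render_likers_unescaped(array $names): string {
    $items = '';
    foreach ($names as $name) {
        $items .= '<li class="liker">' . $name . '</li>';
    }
    return '<ul class="likers-box">' . $items . '</ul>';
}

// After: each display name is escaped for the HTML text context at output.
function render_likers_escaped(array $names): string {
    $items = '';
    foreach ($names as $name) {
        $items .= '<li class="liker">' . esc_html($name) . '</li>';
    }
    return '<ul class="likers-box">' . $items . '</ul>';
}

// Audit helper: return stored names that contain tags or angle brackets.
function flag_markup_names(array $names): array {
    return array_values(array_filter($names, function ($name) {
        return strip_tags($name) !== $name || preg_match('/[<>]/', $name) === 1;
    }));
}

// Constructed sample data: one ordinary name, one name carrying markup.
$likers = ['Alice', 'Bob <script>alert(1)</script>'];

$before = render_likers_unescaped($likers);
$after  = render_likers_escaped($likers);

// The unescaped output carries a live tag; the escaped output does not.
var_dump(stripos($before, '<script') !== false);
var_dump(stripos($after, '<script') !== false);
print_r(flag_markup_names($likers));
echo $after, PHP_EOL;
```

Running `flag_markup_names()` over an export of existing display names identifies accounts whose stored names already contain markup, which remain in the database after the plugin is updated.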