CVE-2024-35693 PoC — WordPress 12 Step Meeting List plugin <= 3.14.33 - Cross Site Scripting (XSS) vulnerability

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-35693.yaml

Associated Vulnerability

Title:WordPress 12 Step Meeting List plugin <= 3.14.33 - Cross Site Scripting (XSS) vulnerability (CVE-2024-35693)
Description:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list.This issue affects 12 Step Meeting List: from n/a through <= 3.14.33.

Description

Code for Recovery 12 Step Meeting List versions up to 3.14.33 contain a reflected cross-site scripting caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft a malicious URL.

File Snapshot


 id: CVE-2024-35693

info:
  name: WordPress 12 Step Meeting List Plugin <= 3.14.33 - Cross-Site Scri

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →