CVE-2024-12540

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-12540
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-54288. Reason: This candidate is a reservation duplicate of CVE-2024-54288. Notes: All CVE users should reference CVE-2024-54288 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

17 Jan 2025, 17:15

Type Values Removed Values Added
Summary (en) The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. (en) Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-54288. Reason: This candidate is a reservation duplicate of CVE-2024-54288. Notes: All CVE users should reference CVE-2024-54288 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVSS v2 : unknown
v3 : 6.1 		v2 : unknown
v3 : unknown
References
  • {'url': 'https://plugins.trac.wordpress.org/browser/ldd-directory-lite/trunk/templates/frontend/edit-submit.php#L10', 'source': 'security@wordfence.com'}
  • {'url': 'https://wordpress.org/plugins/ldd-directory-lite/#developers', 'source': 'security@wordfence.com'}
  • {'url': 'https://www.wordfence.com/threat-intel/vulnerabilities/id/f7675e1c-7194-4cfe-81fb-a78d75e0bb1e?source=cve', 'source': 'security@wordfence.com'}
CWE CWE-79

07 Jan 2025, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-07 04:15

Updated : 2025-01-17 17:15

NVD link : CVE-2024-12540

Mitre link : CVE-2024-12540

CVE.ORG link : CVE-2024-12540

JSON object : View

Products Affected

No product.

CWE

No CWE.