What is CVE-2024-6529?

CVE-2024-6529 is a vulnerability in Ultimate Classified Listings, classified under CWE-79 CROSS-SITE SCRIPTING (XSS). Published 2024-08-01.

Is CVE-2024-6529 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ultimate Classified Listings

CVE-2024-6529

The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such…

EPSS: 0.524 (98.0th percentile) — read the EPSS interpretation.

Affected products

Unknown Ultimate Classified Listings — versions 0

Public proof-of-concept exploits

Abdurahmon3236/CVE-2024-6529
20142995/nuclei-templates
ARPSyndicate/cve-scores
fkie-cad/nvd-json-data-feeds
nomi-sec/PoC-in-GitHub

References

wpscan.com/vulnerability/1a346c9a-cc1a-46b1-b27a-a77a38449933/ (exploit, vdb-entry, technical-description)

Frequently asked questions

What is CVE-2024-6529?: CVE-2024-6529 is a vulnerability in Ultimate Classified Listings, classified under CWE-79 CROSS-SITE SCRIPTING (XSS). Published 2024-08-01.
Is CVE-2024-6529 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.