
    5 vulnerabilities by edmonparker

    CVE-2026-7472 (GCVE-0-2026-7472)

    Vulnerability from cvelistv5 – Published: 2026-05-20 01:25 – Updated: 2026-05-20 17:16
    Title
    Read More & Accordion <= 3.5.7 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter
    Summary
    The Read More & Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.5.7. This is due to the use of esc_sql() without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit() and getAccordionAllDataByLimit() functions in ReadMoreData.php. The user-supplied $_GET['orderby'] value is only processed through esc_attr() (an HTML-escaping function) before being passed to these database functions, where esc_sql() is applied but the value is directly concatenated—unquoted—into the ORDER BY fragment of the SQL query before $wpdb->prepare() is called. Because esc_sql() only escapes quote characters and backslashes (which are irrelevant in an unquoted ORDER BY context), an attacker can inject arbitrary SQL expressions such as (SELECT SLEEP(5)) or conditional subqueries to perform time-based blind data extraction. This makes it possible for authenticated attackers with administrator-level access or above (or any role explicitly permitted access to the plugin's admin pages via the yrm-user-roles setting) to extract sensitive data from the database, including administrator credential hashes.
    SSVC (CISA Coordinator, v2.0.3)
    Exploitation: none | Automatable: no | Technical Impact: partial
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Wordfence
    Impacted products
    Vendor: edmonparker | Product: Read More & Accordion | Affected versions: 0 through 3.5.7 inclusive (semver)
    Credits
    BIMA IKHSAN

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7472",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T17:16:22.722056Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T17:16:36.961Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Read More \u0026 Accordion",
              "vendor": "edmonparker",
              "versions": [
                {
                  "lessThanOrEqual": "3.5.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "BIMA IKHSAN"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Read More \u0026 Accordion plugin for WordPress is vulnerable to time-based blind SQL Injection via the \u0027orderby\u0027 parameter in all versions up to, and including, 3.5.7. This is due to the use of esc_sql() without surrounding the value in quotes in an ORDER BY clause inside the getAllDataByLimit() and getAccordionAllDataByLimit() functions in ReadMoreData.php. The user-supplied $_GET[\u0027orderby\u0027] value is only processed through esc_attr() (an HTML-escaping function) before being passed to these database functions, where esc_sql() is applied but the value is directly concatenated\u2014unquoted\u2014into the ORDER BY fragment of the SQL query before $wpdb-\u003eprepare() is called. Because esc_sql() only escapes quote characters and backslashes (which are irrelevant in an unquoted ORDER BY context), an attacker can inject arbitrary SQL expressions such as (SELECT SLEEP(5)) or conditional subqueries to perform time-based blind data extraction. This makes it possible for authenticated attackers with administrator-level access or above (or any role explicitly permitted access to the plugin\u0027s admin pages via the yrm-user-roles setting) to extract sensitive data from the database, including administrator credential hashes."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T01:25:54.600Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc7c7e21-fbd7-4451-bc7d-3d11db01a443?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/classes/ReadMoreData.php#L1522"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/expand-maker/tags/3.5.7/classes/ReadMoreData.php#L1522"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/views/readMorePagesView.php#L29"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/expand-maker/tags/3.5.7/views/readMorePagesView.php#L29"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/classes/ReadMoreData.php#L1537"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/expand-maker/tags/3.5.7/classes/ReadMoreData.php#L1537"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/views/accordionBuilder/list.php#L29"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/expand-maker/tags/3.5.7/views/accordionBuilder/list.php#L29"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-19T12:12:45.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Read More \u0026 Accordion \u003c= 3.5.7 - Authenticated (Administrator+) SQL Injection via \u0027orderby\u0027 Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-7472",
        "datePublished": "2026-05-20T01:25:54.600Z",
        "dateReserved": "2026-04-29T19:56:27.425Z",
        "dateUpdated": "2026-05-20T17:16:36.961Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7467 (GCVE-0-2026-7467)

    Vulnerability from cvelistv5 – Published: 2026-05-20 01:25 – Updated: 2026-05-20 15:45
    Title
    Read More & Accordion <= 3.5.7 - Privilege Escalation via importData
    Summary
    The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported data. This makes it possible for authenticated attackers, with permission granted by the site owner through the plugin's role settings, to insert arbitrary rows into the 'wp_users' and 'wp_usermeta' tables, including the 'wp_capabilities' field, allowing them to create a new administrator account and gain administrator access to the site.
    SSVC (CISA Coordinator, v2.0.3)
    Exploitation: none | Automatable: no | Technical Impact: total
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Wordfence
    Impacted products
    Vendor: edmonparker | Product: Read More & Accordion | Affected versions: 0 through 3.5.7 inclusive (semver)
    Credits
    BIMA IKHSAN

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7467",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T12:22:16.361073Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T15:45:18.473Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Read More \u0026 Accordion",
              "vendor": "edmonparker",
              "versions": [
                {
                  "lessThanOrEqual": "3.5.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "BIMA IKHSAN"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Read More \u0026 Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the \u0027RadMoreAjax::importData\u0027 function not restricting which database tables can be written to during import and not properly validating the imported data. This makes it possible for authenticated attackers, with permission granted by the site owner through the plugin\u0027s role settings, to insert arbitrary rows into the \u0027wp_users\u0027 and \u0027wp_usermeta\u0027 tables, including the \u0027wp_capabilities\u0027 field, allowing them to create a new administrator account and gain administrator access to the site."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T01:25:52.311Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/adf51c03-b0bb-4864-b64d-6b0cba4b0130?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/expand-maker/tags/3.5.5/files/RadMoreAjax.php#L62"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-19T12:12:39.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Read More \u0026 Accordion \u003c= 3.5.7 - Privilege Escalation via importData"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-7467",
        "datePublished": "2026-05-20T01:25:52.311Z",
        "dateReserved": "2026-04-29T18:34:05.478Z",
        "dateUpdated": "2026-05-20T15:45:18.473Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-0810 (GCVE-0-2025-0810)

    Vulnerability from cvelistv5 – Published: 2025-04-05 01:44 – Updated: 2026-04-08 17:14
    Title
    Read More & Accordion <= 3.4.7 - Cross-Site Request Forgery to Local File Inclusion
    Summary
    The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.7. This is due to missing or incorrect nonce validation on the addNewButtons() function. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
    SSVC (CISA Coordinator, v2.0.3)
    Exploitation: none | Automatable: no | Technical Impact: total
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Wordfence
    Impacted products
    Vendor: edmonparker | Product: Read More & Accordion | Affected versions: 0 through 3.4.7 inclusive (semver)
    Credits
    Bassem Essam

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0810",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T13:05:10.861244Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T14:12:32.633Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Read More \u0026 Accordion",
              "vendor": "edmonparker",
              "versions": [
                {
                  "lessThanOrEqual": "3.4.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Bassem Essam"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Read More \u0026 Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.7. This is due to missing or incorrect nonce validation on the addNewButtons() function. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:14:06.912Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a963cd9b-9f8f-4bd2-92cd-74c5e85e1d96?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/classes/ReadMorePages.php#L82"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/classes/ReadMorePages.php#L59"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/classes/ReadMoreInit.php#L122"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3265987/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-04T13:09:44.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Read More \u0026 Accordion \u003c= 3.4.7 - Cross-Site Request Forgery to Local File Inclusion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-0810",
        "datePublished": "2025-04-05T01:44:44.158Z",
        "dateReserved": "2025-01-28T15:19:47.042Z",
        "dateUpdated": "2026-04-08T17:14:06.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-13639 (GCVE-0-2024-13639)

    Vulnerability from cvelistv5 – Published: 2025-02-13 08:21 – Updated: 2026-04-08 16:57
    Title
    Read More & Accordion <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary 'Read More' Post Deletion
    Summary
    The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary 'read more' posts.
    SSVC (CISA Coordinator, v2.0.3)
    Exploitation: none | Automatable: no | Technical Impact: partial
    CWE
    • CWE-862 - Missing Authorization
    Assigner
    Wordfence
    Impacted products
    Vendor: edmonparker | Product: Read More & Accordion | Affected versions: 0 through 3.4.2 inclusive (semver)
    Credits
    Youcef Hamdani

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13639",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-13T14:37:05.418825Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-13T14:37:16.807Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Read More \u0026 Accordion",
              "vendor": "edmonparker",
              "versions": [
                {
                  "lessThanOrEqual": "3.4.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Youcef Hamdani"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Read More \u0026 Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary \u0027read more\u0027 posts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:57:49.609Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/65849267-8bb5-48fd-b95e-e89a1e744fe0?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/files/ReadMoreAdminPost.php#L98"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/files/ReadMoreAdminPost.php#L9"
            },
            {
              "url": "https://wordpress.org/plugins/expand-maker/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3239533/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-02-12T19:43:15.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Read More \u0026 Accordion \u003c= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary \u0027Read More\u0027 Post Deletion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-13639",
        "datePublished": "2025-02-13T08:21:24.056Z",
        "dateReserved": "2025-01-22T22:48:16.432Z",
        "dateUpdated": "2026-04-08T16:57:49.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-12587 (GCVE-0-2024-12587)

    Vulnerability from cvelistv5 – Published: 2025-01-11 06:00 – Updated: 2025-01-13 19:28
    Title
    Contact Form Master <= 1.0.7 - Reflected XSS
    Summary
    The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
    SSVC (CISA Coordinator, v2.0.3)
    Exploitation: poc | Automatable: no | Technical Impact: partial
    CWE
    • CWE-79 - Cross-Site Scripting (XSS)
    Assigner
    WPScan
    References
    https://wpscan.com/vulnerability/7cb040f5-d154-48… (tags: exploit, vdb-entry, technical-description)
    Impacted products
    Vendor: Unknown | Product: Contact Form Master | Affected versions: 0 through 1.0.7 inclusive (semver)
    Credits
    Hassan Khan Yusufzai - Splint3r7 (finder); WPScan (coordinator)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12587",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T19:27:59.866496Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-13T19:28:24.270Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Contact Form Master",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hassan Khan Yusufzai - Splint3r7"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Contact Form Master  WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-11T06:00:02.900Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/7cb040f5-d154-48ea-a54e-80451054bad8/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Contact Form Master \u003c= 1.0.7 - Reflected XSS",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-12587",
        "datePublished": "2025-01-11T06:00:02.900Z",
        "dateReserved": "2024-12-12T18:37:19.906Z",
        "dateUpdated": "2025-01-13T19:28:24.270Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }