Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-15347 | The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
Thu, 12 Jun 2025 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Klarned
Klarned auto Prune Posts |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:klarned:auto_prune_posts:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Klarned
Klarned auto Prune Posts |
Tue, 20 May 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Thu, 15 May 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |
| Title | Auto Prune Posts < 3.0.0- Admin+ Stored XSS | |
| References |
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2025-05-20T19:37:25.707Z
Reserved: 2024-10-31T18:58:17.860Z
Link: CVE-2024-10639
Updated: 2025-05-19T20:37:38.661Z
Status : Analyzed
Published: 2025-05-15T20:15:33.623
Modified: 2026-06-17T06:56:06.367
Link: CVE-2024-10639
No data.
OpenCVE Enrichment
No data.
EUVD