Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2024-53913 | The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
Tue, 20 May 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mahinsha
Mahinsha newsticker |
|
| CPEs | cpe:2.3:a:mahinsha:newsticker:1.0:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Mahinsha
Mahinsha newsticker |
Tue, 04 Mar 2025 03:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 26 Feb 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | |
| Metrics |
cvssV3_1
|
Wed, 26 Feb 2025 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |
| Title | News List <= 1.0 - Reflected XSS | |
| References |
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2025-02-26T14:27:01.164Z
Reserved: 2025-01-22T18:39:34.529Z
Link: CVE-2024-13630
Updated: 2025-02-26T14:26:43.630Z
Status : Analyzed
Published: 2025-02-26T13:15:37.343
Modified: 2026-06-17T07:02:24.660
Link: CVE-2024-13630
No data.
OpenCVE Enrichment
No data.
EUVD