CVE-2024-6665

State: PUBLISHED · Published: 2025-05-15 · Updated: 2025-05-17 · Assigner: WPScan

Description

The KBucket: Your Curated Content in WordPress plugin before 4.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CWE

(none)

Affected

Unknown / KBucket: Your Curated Content in WordPress — v=0 <4.1.6 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/a0b3335f-6e04-402f-8cfd-fc4c62e52168/ exploit, vdb-entry, technical-description

Source

cvelistV5-main/cves/2024/6xxx/CVE-2024-6665.json