Reflected Cross-Site Scripting in Multiple WordPress Plugins
CVE-2024-13362
6.1MEDIUM
Key Information:
- Vendor
WordPress
- Status
- Vendor
- CVE Published:
- 1 May 2026
What is CVE-2024-13362?
Various WordPress plugins are compromised by a Reflected Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping. This vulnerability allows unauthenticated attackers to inject harmful web scripts through the URL parameter. If users are manipulated into clicking on affected links, these scripts can execute, potentially leading to data theft or unauthorized actions. Website administrators are urged to update their plugins to safeguard against this security risk.
Affected Version(s)
Advanced Classifieds & Directory Pro 0 <= 3.2.4
Advanced Scrollbar โ Custom Scrollbar Styling and Behavior 0 <= 1.1.3
AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization 0 <= 2.9.2