Stored Cross-Site Scripting Vulnerability in MarketKing by WordPress

CVE-2024-13519

What is CVE-2024-13519?

The MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress presents a stored cross-site scripting vulnerability due to inadequate input sanitization and output escaping. This issue allows authenticated attackers with Shop Manager permissions and above to inject arbitrary scripts into plugin settings. The injected scripts can execute on any page accessed by users, posing a significant risk, especially in multi-site installations where unfiltered_html is disabled.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References