Reflected Cross-Site Scripting Vulnerability in XV Random Quotes WordPress Plugin
CVE-2024-13574
Key Information:
- Vendor: WordPress
- Status: Vendor
- CVE Published: 11 March 2025
Summary
The XV Random Quotes WordPress plugin, up to version 1.40, is susceptible to a reflected Cross-Site Scripting (XSS) attack. This vulnerability arises due to inadequate sanitization and escaping of user-supplied input before it is echoed back on the web page. Malicious actors could exploit this flaw to execute arbitrary JavaScript code in the context of high-privilege users, such as site administrators. Attackers could craft a malicious link that, when accessed by an admin, could lead to unauthorized actions, data compromise, or site manipulation.
Affected Version(s)
XV Random Quotes 0 <= 1.40
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved