The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 15 May 2025 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Elementengage
Elementengage simple Certain Time To Show Content
Weaknesses CWE-79
CPEs cpe:2.3:a:elementengage:simple_certain_time_to_show_content:*:*:*:*:*:wordpress:*:*
Vendors & Products Elementengage
Elementengage simple Certain Time To Show Content

Tue, 04 Mar 2025 03:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 26 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 26 Feb 2025 16:30:00 +0000

Type Values Removed Values Added
Description The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Title Simple Certain Time to Show Content < 1.3.1 - Reflected XSS
References

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2025-02-26T16:17:55.054Z

Reserved: 2024-10-18T19:15:09.249Z

Link: CVE-2024-10152

cve-icon Vulnrichment

Updated: 2025-02-26T16:17:09.376Z

cve-icon NVD

Status : Analyzed

Published: 2025-02-26T13:15:34.840

Modified: 2025-05-15T20:49:42.913

Link: CVE-2024-10152

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.