CVE-2024-11718

CVE-2024-11718: tarteaucitron.js for WordPress < 0.3.0 - Author+ Stored XSS

Vendor Unknown
Product tarteaucitron-wp
Published May 15, 2025
Last update May 20, 2025

CVSS base score

What the vulnerability does

01Description

The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Key dates

02Disclosure timeline

May 15, 2025 CVE published
May 20, 2025 Record updated