CVE-2024-58305 HIGH

CVE-2024-58305: WonderCMS 4.3.2 Cross-Site Scripting Remote Code Execution via Module Installation

Vendor Wondercms
Product WonderCMS
Weakness CWE-79 · XSS
Published December 12, 2025
Last update April 7, 2026

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an authenticated administrator into accessing a malicious link.

Key dates

02Disclosure timeline

December 12, 2025 CVE published
April 7, 2026 Record updated

Related vulnerabilities

04Related CVE