CVE-2024-37918
WordPress ConeBlog plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPCone ConeBlog – WordPress Blog Widgets coneblog-widgets.This issue affects ConeBlog – WordPress Blog Widgets: from n/a through <= 1.4.8.
| CWE | CWE-79 |
| Vendor | wpcone |
| Product | coneblog – wordpress blog widgets |
| Published | Jul 20, 2024 |
| Last Updated | Apr 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for wpcone coneblog – wordpress blog widgets
Be the first to know when new unknown vulnerabilities affecting wpcone coneblog – wordpress blog widgets are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
WPCone / ConeBlog – WordPress Blog Widgets
0 ≤ 1.4.8
References
patchstack.com: https://patchstack.com/database/Wordpress/Plugin/coneblog-widgets/vulnerability/wordpress-coneblog-plugin-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/coneblog-widgets/wordpress-coneblog-plugin-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve
Credits
João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program