CVE-2024-11202

MEDIUM

CM WordPress Search And Replace Plugin <1.4.2 - Unauthenticated XSS via cminds_free_guide Shortcode

Title source: llm
STIX 2.1

Description

Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Scores

CVSS v3 6.1
EPSS 0.0058
EPSS Percentile 43.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (13)
creativemindssolutions/CM Business Directory Plugin – Business Listing Directory < 1.4.1
creativemindssolutions/CM Business Directory – Optimise and showcase local business < 1.4.1
creativemindssolutions/CM E-Mail Blacklist – Simple email filtering for safer registration < 1.5.3
creativemindssolutions/CM Header & Footer Script Loader – Insert Script Plugin < 1.2.1
creativemindssolutions/CM Header and Footer – Add custom scripts and styles to your header and footer with ease < 1.2.1
creativemindssolutions/CM Pop-Up Banners for WordPress < 1.7.5
creativemindssolutions/CM Pop-Up – Create engaging popups to capture attention and boost interaction < 1.7.5
creativemindssolutions/CM Search And Replace – Optimize content edits with a powerful search and replace tool < 1.4.2
creativemindssolutions/CM Tooltip Glossary < 4.3.11
creativemindssolutions/CM Video Lessons Manager – Simplify video lessons management for better education < 1.8.2
... and 3 more
Published Nov 26, 2024
Tracked Since Feb 18, 2026