CVE-2024-33648

MEDIUM

wzy Media Recencio Book Reviews <1.66.0 - XSS

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-33648. PoCs published by sudotom, tompos2.

AI-analyzed exploit summary: This repository contains a patched version of the Recencio Book Reviews WordPress plugin, addressing CVE-2024-33648 (Authenticated Stored XSS) and 57 additional vulnerabilities. The README provides detailed security audit information, patching methodology, and background on the plugin's maintenance transition.

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kemory Grubb Recencio Book Reviews recencio-book-reviews allows DOM-Based XSS. This issue affects Recencio Book Reviews: from n/a through <= 1.66.0.

Exploits (2)

nomisec WRITEUP
by sudotom · poc
https://github.com/sudotom/rcno-reviews

This repository contains a patched version of the Recencio Book Reviews WordPress plugin, addressing CVE-2024-33648 (Authenticated Stored XSS) and 57 additional vulnerabilities. The README provides detailed security audit information, patching methodology, and background on the plugin's maintenance transition.

Classification: Writeup 95%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Recencio Book Reviews WordPress Plugin (versions <= 1.66.0)
Auth required
Prerequisites: WordPress installation with Recencio Book Reviews plugin <= 1.66.0 · Contributor-level access or higher
devstral-2 · analyzed Mar 19, 2026
nomisec WRITEUP
by tompos2 · poc
https://github.com/tompos2/rcno-reviews

This repository is a fork of the Recencio Book Reviews WordPress plugin, created to patch CVE-2024-33648 and other vulnerabilities. It includes detailed documentation, changelogs, and code files but does not contain explicit exploit code or technical deep-dive into the vulnerability mechanics.

Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Recencio Book Reviews WordPress Plugin
No auth needed
Prerequisites: WordPress installation with Recencio Book Reviews plugin
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 6.5
EPSS 0.0037
EPSS Percentile 29.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
Kemory Grubb/Recencio Book Reviews < 1.66.0
Published Apr 29, 2024
Tracked Since Feb 18, 2026