CVE-2024-6529

HIGH

Ultimate Classified Listings <1.4 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-6529. PoCs published by Abdurahmon3236.

AI-analyzed exploit summary This repository contains a functional PoC for CVE-2024-6529, demonstrating a reflected XSS vulnerability in the Ultimate Classified Listings WordPress plugin. It includes scripts to trigger XSS and steal cookies via a malicious server.

Description

The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Exploits (1)

nomisec WORKING POC

by Abdurahmon3236 · poc

https://github.com/Abdurahmon3236/CVE-2024-6529

View Code ZIP pw:eip

This repository contains a functional PoC for CVE-2024-6529, demonstrating a reflected XSS vulnerability in the Ultimate Classified Listings WordPress plugin. It includes scripts to trigger XSS and steal cookies via a malicious server.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Ultimate Classified Listings WordPress plugin before version 1.4

No auth needed

Prerequisites: Vulnerable version of the Ultimate Classified Listings plugin · Ability to craft malicious URLs

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit vdb-entry technical-description

https://wpscan.com/vulnerability/1a346c9a-cc1a-46b1-b27a-a77a38449933/

Scores

CVSS v3 7.1

EPSS 0.0089

EPSS Percentile 54.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

webcodingplace/ultimate_classified_listings < 1.4

Published Aug 01, 2024

Tracked Since Feb 18, 2026