Moderate severityNVD Advisory· Published May 15, 2025· Updated May 20, 2025

tarteaucitron.js for WordPress < 0.3.0 - Author+ Stored XSS

CVE-2024-11718

Description

The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
couleurcitron/tarteaucitron-wpPackagist	< 0.3.0	0.3.0

Affected products

WordPress plugin/tarteaucitron-wp plugindescription
ghsa-coords
pkg:composer/couleurcitron/tarteaucitron-wp
Range: < 0.3.0

Patches

Vulnerability mechanics

References

wpscan.com/vulnerability/02da3a49-20e4-4476-a78d-4c627994a90a/mitreexploitvdb-entrytechnical-description
github.com/advisories/GHSA-fxpc-qmrh-7j2hghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-11718ghsaADVISORY
wpscan.com/vulnerability/02da3a49-20e4-4476-a78d-4c627994a90aghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000