Medium severity6.1NVD Advisory· Published Sep 12, 2024· Updated Jun 17, 2026
CVE-2024-6018
CVE-2024-6018
Description
The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=1.3+ 1 more
- (no CPE)range: <=1.3
- (no CPE)range: <=1.3
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/c3f50e30-c7c5-4e7e-988c-ab884d75870b/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.