关键信息 描述 漏洞类型: 反射型跨站脚本(Reflected XSS) 原因: 插件在将参数输出到页面之前未进行适当的清理和转义。 影响的插件 插件名称: Advance Post Prefix 版本: <= 1.1.1 修复状态: 尚无已知修复 漏洞标识 CVE编号: CVE-2024-12734 分类 类型: XSS OWASP Top 10: A7: 跨站脚本 (XSS) CWE编号: CWE-79 CVSS评分: 7.1 (高) 时间线 公开发布日期: 2024-11-20 添加日期: 2025-01-09 最后更新日期: 2025-01-09 其他相关漏洞 Formidable Forms < 6.7.1 - Admin+ Stored Cross-Site Scripting Ultimate Dashboard < 3.7.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings Xavin's Review Ratings <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Grid Gallery < 1.2.5 - Authenticated Stored Cross Site Scripting (XSS) WP Travel Engine < 5.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting