CVE-2024-11718: tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting

May 15, 2025 (updated May 20, 2025)

The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

References

bitbucket.org/ccitron/tarteaucitron-wp
github.com/advisories/GHSA-fxpc-qmrh-7j2h
nvd.nist.gov/vuln/detail/CVE-2024-11718
wpscan.com/vulnerability/02da3a49-20e4-4476-a78d-4c627994a90a

Code Behaviors & Features

Detect and mitigate CVE-2024-11718 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →