{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-51807", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-11-04T09:57:58.193Z", "datePublished": "2024-11-19T16:31:54.918Z", "dateUpdated": "2026-04-28T16:10:36.744Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "agendapress", "product": "AgendaPress \u2013 Easily Publish Meeting Agendas and Programs on WordPress", "vendor": "Black and White", "versions": [{"lessThanOrEqual": "1.0.8", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "SOPROBRO | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:29:24.884Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Black and White AgendaPress \u2013 Easily Publish Meeting Agendas and Programs on WordPress agendapress allows Stored XSS.<p>This issue affects AgendaPress \u2013 Easily Publish Meeting Agendas and Programs on WordPress: from n/a through <= 1.0.8.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Black and White AgendaPress \u2013 Easily Publish Meeting Agendas and Programs on WordPress agendapress allows Stored XSS.This issue affects AgendaPress \u2013 Easily Publish Meeting Agendas and Programs on WordPress: from n/a through <= 1.0.8."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:10:36.744Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/agendapress/vulnerability/wordpress-agendapress-plugin-1-0-8-stored-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "title": "WordPress AgendaPress plugin <= 1.0.8 - Stored Cross Site Scripting (XSS) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-20T14:24:57.631693Z", "id": "CVE-2024-51807", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T14:25:07.464Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-51807", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-20T14:24:57.631693Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T14:25:01.692Z"}}], "cna": {"title": "WordPress AgendaPress plugin <= 1.0.8 - Stored Cross Site Scripting (XSS) vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "SOPROBRO | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "Stored XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Black and White", "product": "AgendaPress \u2013 Easily Publish Meeting Agendas and Programs on WordPress", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.0.8"}], "packageName": "agendapress", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:35:40.140Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/agendapress/vulnerability/wordpress-agendapress-plugin-1-0-8-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Black and White AgendaPress \u2013 Easily Publish Meeting Agendas and Programs on WordPress agendapress allows Stored XSS.This issue affects AgendaPress \u2013 Easily Publish Meeting Agendas and Programs on WordPress: from n/a through <= 1.0.8.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Black and White AgendaPress \u2013 Easily Publish Meeting Agendas and Programs on WordPress agendapress allows Stored XSS.<p>This issue affects AgendaPress \u2013 Easily Publish Meeting Agendas and Programs on WordPress: from n/a through <= 1.0.8.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T13:55:14.634Z"}}}, "cveMetadata": {"cveId": "CVE-2024-51807", "state": "PUBLISHED", "dateUpdated": "2026-04-23T13:55:14.634Z", "dateReserved": "2024-11-04T09:57:58.193Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-11-19T16:31:54.918Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Black and White AgendaPress \u2013 Easily Publish Meeting Agendas and Programs on WordPress agendapress allows Stored XSS.This issue affects AgendaPress \u2013 Easily Publish Meeting Agendas and Programs on WordPress: from n/a through <= 1.0.8."}, {"lang": "es", "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en AgendaPress \u2013 Easily Publish Meeting Agendas and Programs on WordPress de Black and White Digital Ltd permite XSS almacenado. Este problema afecta a AgendaPress \u2013 Easily Publish Meeting Agendas and Programs on WordPress: desde n/a hasta 1.0.8."}], "id": "CVE-2024-51807", "lastModified": "2026-04-23T15:20:41.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 3.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2024-11-19T17:15:26.610", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/agendapress/vulnerability/wordpress-agendapress-plugin-1-0-8-stored-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{}