CVE-2024-7878
WP ULike < 4.7.4 - Admin+ Stored XSSThe WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
We have discovered 7,059 live websites that are affected by CVE-2024-7878.
Affected Software
| Product |  WP ULike |
| Category | Wordpress Plugins |
| Vulnerable Domains | 7,059 live websites (55.75% of WP ULike install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 82 versions ( 90.11% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Sep 25, 2024
- Updated - Sep 25, 2024
Credits
- Bob Matyas (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2024-7878 usage by Country
 United States | 2,016 websites |
 Japan | 908 websites |
 Russia | 706 websites |
 Germany | 586 websites |
 France | 339 websites |
 Cyprus | 235 websites |
 Poland | 174 websites |
 GB | 151 websites |
 Iran | 141 websites |
 Brazil | 131 websites |
CVE-2024-7878 usage by TLD
| .com | 3,137 websites |
| .ru | 636 websites |
| .net | 290 websites |
| .org | 238 websites |
| .com.br | 225 websites |
| .jp | 191 websites |
| .de | 153 websites |
| .pl | 142 websites |
| .it | 94 websites |
| .fr | 80 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-7878
Top websites that are affected by CVE-2024-7878. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.com | United States | *,*** | |
| *************.com |  Canada | **,*** | |
| ****.com | United States | **,*** | |
| ************.com | Japan | **,*** | |
| **************.com | United States | **,*** | |
| **********.ca | United States | **,*** | |
| ****.*********.com | France | **,*** | |
| *****************.com | United States | **,*** | |
| *******************.org |  Netherlands | **,*** | |
| ****.******.jp | United States | ***,*** |
FAQ
CVE-2024-7878 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in WP ULike
A total of 7,059 websites have been identified as vulnerable to CVE-2024-7878, discovered through global website indexing conducted by WebTechSurvey.
WP ULike is susceptible to CVE-2024-7878 vulnerability.
WP ULike versions before 4.7.4 are vulnerable to CVE-2024-7878.
Version 4.7.4 of WP ULike addresses the CVE-2024-7878 security vulnerability.