CVE-2024-35639 - Vulnerability Details - OpenCVE

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webliberty Simple Spoiler simple-spoiler.This issue affects Simple Spoiler: from n/a through <= 1.2.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00108.

Key SSVC decision points have not yet been added.

Vendors	Products
Webliberty	Simple Spoiler
Wordpress	Wordpress

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Webliberty	Simple Spoiler
Wordpress	Wordpress

References

Link	Providers
https://patchstack.com/database/Wordpress/Plugin/simple-spoiler/vulnerability/wordpress-simple-spoiler-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/simple-spoiler/wordpress-simple-spoiler-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve

History

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webliberty Simple Spoiler allows Stored XSS.This issue affects Simple Spoiler: from n/a through 1.2.	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webliberty Simple Spoiler simple-spoiler.This issue affects Simple Spoiler: from n/a through <= 1.2.
References		https://patchstack.com/database/Wordpress/Plugin/simple-spoiler/vulnerability/wordpress-simple-spoiler-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve
Metrics	cvssV3_1 `{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L'}`

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00074}`	epss `{'score': 0.00078}`

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-06-03T08:22:18.516Z

Updated: 2026-04-01T15:34:16.042Z

Reserved: 2024-05-17T10:07:53.837Z

Link: CVE-2024-35639

Vulnrichment

Updated: 2024-08-02T03:14:53.479Z

NVD

Status : Awaiting Analysis

Published: 2024-06-03T09:15:09.947

Modified: 2026-04-01T16:17:15.370

Link: CVE-2024-35639

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-13T21:07:18Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-35639", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-05-17T10:07:53.837Z", "datePublished": "2024-06-03T08:22:18.516Z", "dateUpdated": "2026-04-01T15:34:16.042Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "simple-spoiler", "product": "Simple Spoiler", "vendor": "Webliberty", "versions": [{"changes": [{"at": "1.3", "status": "unaffected"}], "lessThanOrEqual": "1.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Cronus | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:25:48.473Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webliberty Simple Spoiler simple-spoiler.<p>This issue affects Simple Spoiler: from n/a through <= 1.2.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webliberty Simple Spoiler simple-spoiler.This issue affects Simple Spoiler: from n/a through <= 1.2."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T15:34:16.042Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/simple-spoiler/vulnerability/wordpress-simple-spoiler-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "title": "WordPress Simple Spoiler plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability"}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35639", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-03T15:42:21.817594Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:33:36.462Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:14:53.479Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/simple-spoiler/wordpress-simple-spoiler-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/simple-spoiler/wordpress-simple-spoiler-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:14:53.479Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35639", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-03T15:42:21.817594Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-03T15:42:33.827Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "WordPress Simple Spoiler plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Cronus (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Webliberty", "product": "Simple Spoiler", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.2"}], "packageName": "simple-spoiler", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/vulnerability/simple-spoiler/wordpress-simple-spoiler-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webliberty Simple Spoiler allows Stored XSS.This issue affects Simple Spoiler: from n/a through 1.2.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webliberty Simple Spoiler allows Stored XSS.<p>This issue affects Simple Spoiler: from n/a through 1.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-03T08:22:56.568Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35639", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:14:53.479Z", "dateReserved": "2024-05-17T10:07:53.837Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-06-03T08:22:18.516Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}