{"cve":{"cve_id":"CVE-2024-5647","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00292,"epss_percentile":0.20674,"epss_as_of":"2026-06-23","description":"Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library (version 1.1.0) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was fixed in the upstream library (Magnific Popups version 1.2.0) by disabling the loading of HTML within certain fields by default.","published_at":"2025-07-03T09:22:19.308000Z","last_modified_at":null,"cvss_v3_score":6.4,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-79"],"nvd_references":["https://www.wordfence.com/threat-intel/vulnerabilities/id/dae80fc2-3076-4a32-876d-5df1c62de9bd?source=cve","https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/vendor/magnific-popup/magnific-popup.js","https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/assets/front-end/js/lib-view/magnific-popup/jquery.magnific-popup.js","https://plugins.trac.wordpress.org/browser/bold-page-builder/trunk/content_elements_misc/js/jquery.magnific-popup.js","https://plugins.trac.wordpress.org/changeset/3154460/happy-elementor-addons","https://plugins.trac.wordpress.org/changeset/3153781/bold-page-builder","https://plugins.trac.wordpress.org/browser/robo-gallery/trunk/js/robo_gallery.js#L56","https://www.elegantthemes.com/api/changelog/divi.txt","https://www.elegantthemes.com/api/changelog/extra.txt","https://www.elegantthemes.com/api/changelog/divi-builder.txt","https://themes.trac.wordpress.org/changeset/244604/oceanwp","https://plugins.trac.wordpress.org/changeset/3153700/essential-addons-for-elementor-lite","https://plugins.trac.wordpress.org/changeset/3184626/addons-for-divi","https://plugins.trac.wordpress.org/changeset/3201991/robo-gallery","https://plugins.trac.wordpress.org/changeset/3166204/carousel-slider","https://github.com/dimsemenov/Magnific-Popup/releases/tag/1.2.0"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T02:19:11.094487Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"L","value_label":"Low"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"badhonrocks","vendor_name":"badhonrocks","product_slug":"divi-torque-lite-divi-theme-divi-builder-extra-theme","product_name":"Divi Torque Lite – Divi Theme, Divi Builder & Extra Theme","version_start":"0","version_start_inclusive":true,"version_end":"4.0.5","version_end_inclusive":true,"cpe23_uri":"cve5:badhonrocks:divi-torque-lite-divi-theme-divi-builder-extra-theme:0:4.0.5"},{"vendor_slug":"blossomthemes","vendor_name":"blossomthemes","product_slug":"blossomthemes-social-feed","product_name":"BlossomThemes Social Feed","version_start":"0","version_start_inclusive":true,"version_end":"2.0.5","version_end_inclusive":true,"cpe23_uri":"cve5:blossomthemes:blossomthemes-social-feed:0:2.0.5"},{"vendor_slug":"boldthemes","vendor_name":"boldthemes","product_slug":"bold-page-builder","product_name":"Bold Page Builder","version_start":"0","version_start_inclusive":true,"version_end":"5.1.2","version_end_inclusive":true,"cpe23_uri":"cve5:boldthemes:bold-page-builder:0:5.1.2"},{"vendor_slug":"divisupreme","vendor_name":"divisupreme","product_slug":"supreme-modules-lite-divi-theme-extra-theme-and-divi-builder","product_name":"Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder","version_start":"0","version_start_inclusive":true,"version_end":"2.5.52","version_end_inclusive":true,"cpe23_uri":"cve5:divisupreme:supreme-modules-lite-divi-theme-extra-theme-and-divi-builder:0:2.5.52"},{"vendor_slug":"elegant-themes","vendor_name":"Elegant Themes","product_slug":"divi","product_name":"Divi","version_start":"0","version_start_inclusive":true,"version_end":"4.27.1","version_end_inclusive":true,"cpe23_uri":"cve5:elegant-themes:divi:0:4.27.1"},{"vendor_slug":"elegant-themes","vendor_name":"Elegant Themes","product_slug":"divi-builder","product_name":"Divi Builder","version_start":"0","version_start_inclusive":true,"version_end":"4.27.1","version_end_inclusive":true,"cpe23_uri":"cve5:elegant-themes:divi-builder:0:4.27.1"},{"vendor_slug":"elegant-themes","vendor_name":"Elegant Themes","product_slug":"divi-extra","product_name":"Divi Extra","version_start":"0","version_start_inclusive":true,"version_end":"4.27.1","version_end_inclusive":true,"cpe23_uri":"cve5:elegant-themes:divi-extra:0:4.27.1"},{"vendor_slug":"gn-themes","vendor_name":"gn_themes","product_slug":"wp-shortcodes-plugin-shortcodes-ultimate","product_name":"WP Shortcodes Plugin — Shortcodes Ultimate","version_start":"0","version_start_inclusive":true,"version_end":"7.4.2","version_end_inclusive":true,"cpe23_uri":"cve5:gn-themes:wp-shortcodes-plugin-shortcodes-ultimate:0:7.4.2"},{"vendor_slug":"gutentor","vendor_name":"gutentor","product_slug":"gutentor-gutenberg-blocks-page-builder-for-gutenberg-editor","product_name":"Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor","version_start":"0","version_start_inclusive":true,"version_end":"3.4.9","version_end_inclusive":true,"cpe23_uri":"cve5:gutentor:gutentor-gutenberg-blocks-page-builder-for-gutenberg-editor:0:3.4.9"},{"vendor_slug":"oceanwp","vendor_name":"OceanWP","product_slug":"oceanwp","product_name":"OceanWP","version_start":"0","version_start_inclusive":true,"version_end":"3.6.0","version_end_inclusive":true,"cpe23_uri":"cve5:oceanwp:oceanwp:0:3.6.0"},{"vendor_slug":"robosoft","vendor_name":"robosoft","product_slug":"robo-gallery-photo-image-slider","product_name":"Robo Gallery – Photo & Image Slider","version_start":"0","version_start_inclusive":true,"version_end":"3.2.22","version_end_inclusive":true,"cpe23_uri":"cve5:robosoft:robo-gallery-photo-image-slider:0:3.2.22"},{"vendor_slug":"sayful","vendor_name":"sayful","product_slug":"carousel-slider","product_name":"Carousel Slider","version_start":"0","version_start_inclusive":true,"version_end":"2.2.14","version_end_inclusive":true,"cpe23_uri":"cve5:sayful:carousel-slider:0:2.2.14"},{"vendor_slug":"thehappymonster","vendor_name":"thehappymonster","product_slug":"happy-addons-for-elementor","product_name":"Happy Addons for Elementor","version_start":"0","version_start_inclusive":true,"version_end":"3.12.2","version_end_inclusive":true,"cpe23_uri":"cve5:thehappymonster:happy-addons-for-elementor:0:3.12.2"},{"vendor_slug":"wpdevteam","vendor_name":"wpdevteam","product_slug":"essential-addons-for-elementor-popular-elementor-templates-widgets","product_name":"Essential Addons for Elementor – Popular Elementor Templates & Widgets","version_start":"0","version_start_inclusive":true,"version_end":"6.0.4","version_end_inclusive":true,"cpe23_uri":"cve5:wpdevteam:essential-addons-for-elementor-popular-elementor-templates-widgets:0:6.0.4"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/dae80fc2-3076-4a32-876d-5df1c62de9bd?source=cve","source_type":"MISC","tags":[]},{"url":"https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/vendor/magnific-popup/magnific-popup.js","source_type":"MISC","tags":[]},{"url":"https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/assets/front-end/js/lib-view/magnific-popup/jquery.magnific-popup.js","source_type":"MISC","tags":[]},{"url":"https://plugins.trac.wordpress.org/browser/bold-page-builder/trunk/content_elements_misc/js/jquery.magnific-popup.js","source_type":"MISC","tags":[]},{"url":"https://plugins.trac.wordpress.org/changeset/3154460/happy-elementor-addons","source_type":"MISC","tags":[]},{"url":"https://plugins.trac.wordpress.org/changeset/3153781/bold-page-builder","source_type":"MISC","tags":[]},{"url":"https://plugins.trac.wordpress.org/browser/robo-gallery/trunk/js/robo_gallery.js#L56","source_type":"MISC","tags":[]},{"url":"https://www.elegantthemes.com/api/changelog/divi.txt","source_type":"MISC","tags":[]},{"url":"https://www.elegantthemes.com/api/changelog/extra.txt","source_type":"MISC","tags":[]},{"url":"https://www.elegantthemes.com/api/changelog/divi-builder.txt","source_type":"MISC","tags":[]},{"url":"https://themes.trac.wordpress.org/changeset/244604/oceanwp","source_type":"MISC","tags":[]},{"url":"https://plugins.trac.wordpress.org/changeset/3153700/essential-addons-for-elementor-lite","source_type":"MISC","tags":[]},{"url":"https://plugins.trac.wordpress.org/changeset/3184626/addons-for-divi","source_type":"MISC","tags":[]},{"url":"https://plugins.trac.wordpress.org/changeset/3201991/robo-gallery","source_type":"MISC","tags":[]},{"url":"https://plugins.trac.wordpress.org/changeset/3166204/carousel-slider","source_type":"MISC","tags":[]},{"url":"https://github.com/dimsemenov/Magnific-Popup/releases/tag/1.2.0","source_type":"PATCH","tags":["patch"]}],"timeline":[{"type":"published","at":"2025-07-03T09:22:19.308000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:39:49.577769Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:39:49.577769Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:39:49.577769Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T02:19:11.094487Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:19:11.094487Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:19:11.094487Z","label":"SSVC decision revised","source":"vulnrichment"}]}