216.73.217.98

CVE-2024-58305

· Published 12/12/2025 20:15 · Modified 15/12/2025 18:22

Labels: CVE-2024-58305 2025-12-12CVE-2024-58305[email protected]

Essential information

Published
12/12/2025 20:15
Modified
15/12/2025 18:22
Author
Creator
CVSS
8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an authenticated administrator into accessing a malicious link.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

References