CVE-2024-12722

Twitter Bootstrap Collapse aka Accordian Shortcode <= 1.0 - Stored XSS via Shortcode

Description

The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

INFO

Published Date :

2025-05-15T20:06:53.961Z

Last Modified :

2025-05-20T19:32:23.866Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2024-12722 vulnerability.

Vendors	Products
Mohsinrasool	Twitter Bootstrap Collapse Aka Accordian Shortcode

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-12722.

URL	Resource
https://wpscan.com/vulnerability/c3be5990-ca89-4ac4-baae-49af55df9d57/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact