cleantalk
Vulnerabilities and Security Researches

RD Station, CVE-2024-6894

CVE, Research URL

CVE-2024-6894

Home page URL

Security reports for RD Station

Application

RD Station

Published on
Sep 05, 2024
Research Description
The RD Station plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping of post metaboxes added by the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 5.4.0.
Status
vulnerable
Previous vulnerability researches
RD Station (CVE-2022-38139) , Jun 06, 2024
RD Station (CVE-2026-49774) , Jun 09, 2026
RD Station (CVE-2024-6894) , Sep 06, 2024
New vulnerability
Drag and Drop Multiple File Upload – Contact Form 7 (CVE-2026-49055) , Jun 10, 2026
FV Flowplayer Video Player (CVE-2026-49773) , Jun 10, 2026
FV Flowplayer Video Player (CVE-2026-7556) , Jun 10, 2026
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress (CVE-2026-48874) , Jun 10, 2026
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2026-48876) , Jun 10, 2026