CVE-2024-0380
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Feb 5, 2024
Updated: Feb 7, 2024
CWE ID 22
Summary
CVE-2024-0380 is a directory traversal vulnerability affecting the WP Recipe Maker plugin for WordPress. This issue, present in versions up to 9.1.0, allows authenticated attackers with contributor-level access and above to include the contents of SVG files on the server through the misuse of the 'icon' attribute in Shortcodes. Successful exploitation can result in Cross-Site Scripting attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share