CVE-2024-0657

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Feb 9, 2024
Updated: Feb 15, 2024
CWE ID 79

Summary

CVE-2024-0657 is a vulnerability that affects the Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress, specifically versions up to and including 2.23.4. The vulnerability is a Stored Cross-Site Scripting (XSS) issue caused by insufficient input sanitization and output escaping in the admin settings of the plugin. This allows authenticated attackers with administrator-level access to inject arbitrary web scripts into pages that will execute when a user accesses an injected page. It is important to note that this vulnerability only impacts multi-site installations and installations where unfiltered_html has been disabled. To remediate this vulnerability, users should update to a version higher than 2.23.4 as soon as possible. The potential danger posed by this vulnerability includes the execution of malicious scripts on compromised web pages, which could lead to unauthorized access, data theft, or further exploitation of the affected organization's systems and networks.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-0657 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options