CVE-2024-0657

Summary

CVE-2024-0657 is a vulnerability that affects the Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress, specifically versions up to and including 2.23.4. The vulnerability is a Stored Cross-Site Scripting (XSS) issue caused by insufficient input sanitization and output escaping in the admin settings of the plugin. This allows authenticated attackers with administrator-level access to inject arbitrary web scripts into pages that will execute when a user accesses an injected page. It is important to note that this vulnerability only impacts multi-site installations and installations where unfiltered_html has been disabled. To remediate this vulnerability, users should update to a version higher than 2.23.4 as soon as possible. The potential danger posed by this vulnerability includes the execution of malicious scripts on compromised web pages, which could lead to unauthorized access, data theft, or further exploitation of the affected organization's systems and networks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.