CVE-2024-10038

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 13, 2024
CWE ID 80

Summary

CVE-2024-10038 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the WP-Strava plugin for WordPress. This issue, present in all versions up to 2.12.1, allows authenticated attackers to inject arbitrary web scripts into admin settings. These scripts will execute whenever a user accesses an injected page, posing a significant security risk. This vulnerability only affects multi-site installations and installations where unfiltered_html has been disabled. Attackers must have administrator-level permissions or above to exploit this weakness.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share