CVE-2024-10104

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Nov 15, 2024

Summary

CVE-2024-10104 is a vulnerability affecting the Jobs for WordPress plugin before version 2.7.8. This issue permits high privilege users, such as contributors, to execute Stored Cross-Site Scripting (XSS) attacks. The plugin fails to sanitize and escape certain Job settings, allowing malicious scripts to be injected and executed when a user views a job listing. Successful exploitation of this vulnerability could lead to unauthorized access to sensitive data or the takeover of a WordPress site. It is essential to update the plugin to version 2.7.8 or later to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/zlxBUw
https://www.cve.org/CVERecord?id=CVE-2024-10104
https://nvd.nist.gov/vuln/detail/CVE-2024-10104

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2024-10104

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations