CVE-2024-10152

Summary

CVE-2024-10152 is a newly disclosed vulnerability affecting the Simple Certain Time to Show Content plugin for WordPress. Before version 1.3.1, this plugin fails to properly sanitize and escape user-supplied data, making it susceptible to Reflected Cross-Site Scripting (XSS) attacks. An attacker could inject malicious JavaScript code into a page, which could then be executed in the context of the web application when the vulnerable page is loaded by an unsuspecting user. This issue poses a significant threat, particularly to high-privilege users such as admins, who could be tricked into clicking a malicious link or visiting a compromised page, potentially allowing the attacker to gain unauthorized access to sensitive information or take control of the affected WordPress site.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.