CVE-2024-10182
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-10182 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Cognito Forms plugin for WordPress. This issue, which impacts versions up to and including 2.0.6, enables authenticated attackers with Contributor-level access or higher to inject malicious scripts into pages through the 'id' parameter. The lack of proper input sanitization and output escaping in the plugin allows these scripts to execute whenever a user accesses an affected page. This vulnerability poses a significant risk, as it can lead to unintended website functionality, data theft, or other malicious activities. It's crucial for WordPress users to update their Cognito Forms plugin to a patched version as soon as possible to mitigate this risk.