CVE-2024-10320

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Dec 6, 2024
CWE ID 79

Summary

CVE-2024-10320 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Cookielay plugin for WordPress. The issue lies in the insufficient input sanitization and output escaping of user-supplied attributes in the plugin's cookielay shortcode. This weakness allows authenticated attackers, with contributor-level access or higher, to inject malicious web scripts into pages. These scripts will execute whenever a user accesses an affected page. Versions of the plugin up to and including 1.2.0 are vulnerable.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share