CVE-2024-10320
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Published Dec 6, 2024
CWE ID 79
Summary
CVE-2024-10320 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Cookielay plugin for WordPress. The issue lies in the insufficient input sanitization and output escaping of user-supplied attributes in the plugin's cookielay shortcode. This weakness allows authenticated attackers, with contributor-level access or higher, to inject malicious web scripts into pages. These scripts will execute whenever a user accesses an affected page. Versions of the plugin up to and including 1.2.0 are vulnerable.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share