CVE-2024-10473
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published: Nov 28, 2024
Updated: Nov 29, 2024
CWE ID 79
Summary
CVE-2024-10473 is a vulnerability in the Logo Slider WordPress plugin before version 4.5.0. It allows users with a role as low as Author to perform Cross-Site Scripting (XSS) attacks. The plugin does not properly sanitize and escape some Logo Settings when outputting them on pages that embed the Logo Slider shortcode. By injecting malicious scripts into these settings, attackers can manipulate the behavior of the affected website and potentially steal sensitive data or take control of user sessions.