CVE-2024-10517

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Dec 12, 2024

Summary

CVE-2024-10517 is a vulnerability affecting the Paid Membership Plugin for WordPress before version 4.15.15. It allows high-privilege users, including admins, to perform Stored Cross-Site Scripting attacks. The plugin fails to sanitize and escape some fields in its Drag & Drop Builder, so the issue can be exploited even when the unfiltered_html capability is disallowed, posing a significant security risk in multisite setups.
