CVE-2024-10518
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Dec 12, 2024
Summary
CVE-2024-10518 is a stored cross-site scripting (XSS) vulnerability affecting the Paid Membership Plugin for WordPress. This issue, present in versions below 4.15.15, allows high privilege users, including admins, to inject malicious scripts into Membership Plan settings. The plugin fails to sanitize and escape these settings, enabling attackers to execute scripts even when the unfiltered_html capability is disabled, posing a serious security risk in multisite setups.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share