CVE-2024-10681

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Dec 6, 2024
CWE ID 94

Summary

CVE-2024-10681: The ARMember plugin for WordPress, versions up to 4.0.51, has a vulnerability that enables authenticated attackers with subscriber-level access or higher to execute arbitrary shortcodes. This occurs due to the plugin's failure to validate user input before running do_shortcode, allowing attackers to inject malicious code and potentially gain unintended access or perform unauthorized actions on the affected site.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share