CVE-2024-10704

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Nov 29, 2024

Summary

CVE-2024-10704 is a vulnerability affecting the Photo Gallery plugin by 10Web for WordPress. Prior to version 1.8.31, the plugin fails to properly sanitize and escape certain settings, making it susceptible to Stored Cross-Site Scripting (XSS) attacks. High-privilege users, including admins, can exploit this weakness, even in multisite setups where the unfiltered_html capability is restricted. This issue could lead to significant security breaches if left unaddressed.
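The class of bug described above, shown as an added example that is not the Photo Gallery plugin's own code: a WordPress setting stored and printed without sanitization, next to a version that sanitizes on save and escapes on output. The option name, settings group and function names are hypothetical, and the file is assumed to be loaded by WordPress as a plugin.

```php
<?php
// Added illustration, not Photo Gallery's code. The option name, settings group
// and function names are hypothetical. Assumes WordPress loads this as a plugin.

// Vulnerable pattern (defined for contrast, never hooked): the value is stored as
// submitted and printed raw, so markup survives regardless of unfiltered_html.
function example_gallery_save_unsafe() {
    if ( current_user_can( 'manage_options' ) && isset( $_POST['example_gallery_caption'] ) ) {
        update_option( 'example_gallery_caption', wp_unslash( $_POST['example_gallery_caption'] ) );
    }
}
function example_gallery_render_unsafe() {
    echo '<p class="caption">' . get_option( 'example_gallery_caption', '' ) . '</p>';
}

// Hardened pattern, step 1: sanitize on save.
function example_gallery_sanitize_caption( $value ) {
    $value = is_string( $value ) ? $value : '';
    // Users without unfiltered_html (on multisite, everyone but super admins)
    // get plain text only.
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        return sanitize_text_field( $value );
    }
    // Trusted users may keep the tags allowed in post content; script is still stripped.
    return wp_kses_post( $value );
}
add_action( 'admin_init', function () {
    register_setting( 'example_gallery_group', 'example_gallery_caption', array(
        'type'              => 'string',
        'sanitize_callback' => 'example_gallery_sanitize_caption',
        'default'           => '',
    ) );
} );

// Hardened pattern, step 2: escape on output, whatever is in the database.
// Where the value lands in an HTML attribute instead, use esc_attr().
function example_gallery_render_safe() {
    $caption = (string) get_option( 'example_gallery_caption', '' );
    echo '<p class="caption">' . wp_kses_post( $caption ) . '</p>';
}
```

Escaping at output matters even with the save-time callback in place, because values written before the fix, or written directly to the database, never passed through it.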
