CVE-2024-10704
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Nov 29, 2024
Summary
CVE-2024-10704 is a vulnerability affecting the Photo Gallery plugin by 10Web for WordPress. Prior to version 1.8.31, the plugin fails to properly sanitize and escape certain settings, making it susceptible to Stored Cross-Site Scripting (XSS) attacks. High privilege users, including admins, can exploit this weakness, even in multisite setups where the unfiltered_html capability is restricted. This issue could potentially lead to significant security breaches if left unaddressed.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share