CVE-2024-10709
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Summary
CVE-2024-10709 is a vulnerability affecting the YaDisk Files WordPress plugin before version 1.2.6. This issue allows users with the contributor role and above to execute stored Cross-Site Scripting (XSS) attacks. The plugin does not properly validate and escape certain shortcode attributes, enabling attackers to inject malicious scripts into webpages or posts where the shortcode is used. Successful exploitation of this vulnerability may lead to unauthorized access, data theft, or site defacement. WordPress users are advised to update to the latest plugin version or disable the plugin as a temporary measure until a patch is available.
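The missing validation and escaping described above, shown as an added example that is not the YaDisk Files plugin's own code: the shortcode tag `example_file`, its `url` and `title` attributes, and both handler names are hypothetical, while the WordPress functions called are the standard core ones. The first handler shows the weak pattern, the second the hardened form.

```php
<?php
// Added illustration; not the YaDisk Files plugin's code.
// The shortcode tag "example_file" and its attributes are hypothetical.

// Weak pattern: attribute values typed by the post author (contributor role
// or above) are concatenated into the markup without validation or escaping,
// so they are stored with the post and rendered for every visitor.
function example_file_shortcode_weak( $atts ) {
    $atts = shortcode_atts( array( 'url' => '', 'title' => '' ), $atts );
    return '<a href="' . $atts['url'] . '" title="' . $atts['title'] . '">'
        . $atts['title'] . '</a>';
}

// Hardened pattern: validate each attribute, then escape it for the exact
// output context (URL, HTML attribute, HTML text) at the point of output.
function example_file_shortcode_safe( $atts ) {
    $atts = shortcode_atts( array( 'url' => '', 'title' => '' ), $atts, 'example_file' );

    // Validation: accept only http(s) links. esc_url_raw() returns an empty
    // string when the scheme is not in the allowed list.
    $url = esc_url_raw( $atts['url'], array( 'http', 'https' ) );
    if ( '' === $url ) {
        return ''; // Render nothing rather than a link with a rejected URL.
    }

    // Strip tags and control characters from the free-text attribute.
    $title = sanitize_text_field( $atts['title'] );

    return sprintf(
        '<a href="%s" title="%s">%s</a>',
        esc_url( $url, array( 'http', 'https' ) ), // URL context
        esc_attr( $title ),                        // attribute context
        esc_html( $title )                         // text-node context
    );
}

// Only the hardened handler is registered.
add_shortcode( 'example_file', 'example_file_shortcode_safe' );
```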