CVE-2024-10847

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 30, 2025

Updated: Feb 4, 2025

CWE ID 79

Summary

CVE-2024-10847 is a stored Cross-Site Scripting vulnerability affecting the Storely theme for WordPress. This issue, present in all versions up to 16.6, allows authenticated attackers with Contributor-level access or higher to inject malicious display names. Due to insufficient input sanitization and output escaping, the injected scripts are stored and executed whenever a user views an affected page. This can lead to unintended website behavior or unauthorized access, making it essential to update to a patched version of the Storely theme to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0OtdvD
https://www.cve.org/CVERecord?id=CVE-2024-10847
https://nvd.nist.gov/vuln/detail/CVE-2024-10847

Back to Vulnerability Database

CVE-2024-10847

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations