CVE-2024-10879

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 6, 2024
CWE ID 79

Summary

CVE-2024-10879 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the ForumWP plugin for WordPress. Versions up to and including 2.1.2 are impacted, allowing unauthenticated attackers to inject arbitrary web scripts. The cause is the use of the add_query_arg and remove_query_arg functions without escaping the URLs they return, so an attacker can get a script executed in a user's browser by persuading that user to click on a malicious link. This vulnerability poses a significant risk and requires immediate remediation to prevent potential attacks.
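An added example, not ForumWP's code and not part of the advisory: a heuristic Python audit that lists add_query_arg / remove_query_arg calls in plugin source that are not directly nested inside esc_url(), the kind of missing escaping the summary describes. The PHP sample is constructed, and the names find_unescaped and wrapped_in_escaper belong to this example only.

```python
import re

# URL builders named in the advisory; with no base URL they use the current request URI.
BUILDERS = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
ESCAPERS = {"esc_url"}  # WordPress escaper for URLs written into HTML output
IDENT = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)\s*$")


def wrapped_in_escaper(src, pos):
    """Walk left from pos to the statement start; True if an enclosing call is an escaper."""
    depth = 0
    for i in range(pos - 1, -1, -1):
        ch = src[i]
        if ch in ";{}" or src.startswith("<?", i):
            break  # reached the previous statement or the PHP open tag
        if ch == ")":
            depth += 1  # a sibling call that closed before pos
        elif ch == "(" and depth:
            depth -= 1
        elif ch == "(":
            name = IDENT.search(src[max(0, i - 64):i])
            if name and name.group(1) in ESCAPERS:
                return True
    return False


def find_unescaped(src):
    """Return (line_number, function) for each builder call not nested in esc_url()."""
    hits = []
    for m in BUILDERS.finditer(src):
        if not wrapped_in_escaper(src, m.start()):
            hits.append((src.count("\n", 0, m.start()) + 1, m.group(1)))
    return hits


# Constructed PHP sample for illustration; not taken from ForumWP.
SAMPLE = r"""<?php
$next = add_query_arg( 'page', $page + 1 );
echo '<a href="' . $next . '">Next</a>';
echo '<a href="' . esc_url( add_query_arg( 'page', $page + 1 ) ) . '">Next</a>';
echo '<a href="' . remove_query_arg( 'order' ) . '">Reset</a>';
echo '<a href="' . esc_url( remove_query_arg( array( 'order', 'sort' ) ) ) . '">Reset</a>';
"""

if __name__ == "__main__":
    for line_no, func in find_unescaped(SAMPLE):
        print(f"line {line_no}: {func}() result is not passed through esc_url()")
```

Hits are candidates for manual review: a URL that is stored in a variable and escaped later at the point of output is still reported.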
