CVE-2024-10879
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-10879 is a reflected cross-site scripting (XSS) vulnerability in the ForumWP plugin for WordPress. All versions up to and including 2.1.2 are affected. The plugin uses the add_query_arg and remove_query_arg functions without escaping the resulting URLs, which allows unauthenticated attackers to inject arbitrary web scripts that execute when a user is tricked into clicking a malicious link. This vulnerability poses a significant risk and requires immediate remediation.
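The pattern described above can be audited for in plugin source. The following is an added example, not code from ForumWP or from this advisory: a small Python scanner that flags add_query_arg / remove_query_arg calls whose result is not wrapped in WordPress's esc_url() or esc_url_raw() within the same statement. The function names find_unescaped and inside_escaper and the PHP sample are constructed for illustration.

```python
import re

# URL builders that fall back to the current request URI when no base URL is given.
SOURCES = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
# WordPress escapers appropriate for URLs (HTML output / redirects and storage).
ESCAPERS = re.compile(r"\b(esc_url|esc_url_raw)\s*\(")


def inside_escaper(source: str, pos: int) -> bool:
    """True if offset pos sits inside a still-open esc_url*( call of its statement."""
    stmt_start = source.rfind(";", 0, pos) + 1
    for m in ESCAPERS.finditer(source, stmt_start, pos):
        depth = 1
        for ch in source[m.end():pos]:
            depth += (ch == "(") - (ch == ")")
            if depth == 0:      # escaper call closed before reaching pos
                break
        if depth > 0:
            return True
    return False


def find_unescaped(source: str):
    """Return [(line_number, function_name)] for calls not wrapped in an escaper."""
    return [
        (source.count("\n", 0, m.start()) + 1, m.group(1))
        for m in SOURCES.finditer(source)
        if not inside_escaper(source, m.start())
    ]


# Constructed PHP sample for the demo; not ForumWP source code.
SAMPLE = """<?php
$url = add_query_arg( 'tab', 'topics' );
echo '<a href="' . $url . '">Topics</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'replies' ) ) . '">Replies</a>';
wp_safe_redirect( esc_url_raw(
    remove_query_arg( 'msg' )
) );
echo '<form action="' . remove_query_arg( 'msg' ) . '">';
"""

if __name__ == "__main__":
    for lineno, func in find_unescaped(SAMPLE):
        print(f"line {lineno}: {func}() result is not passed through esc_url()/esc_url_raw()")
```

Findings are candidates for manual review: a value assigned to a variable and escaped later at the point of output will still be flagged at the call site.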