CVE-2024-10880
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Nov 23, 2024
CWE ID 79
Summary
CVE-2024-10880 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the JobBoardWP plugin for WordPress, version 1.3.0 and below. This issue stems from the inadequate escaping of URL parameters using add_query_arg and remove_query_arg functions. Consequently, attackers can inject malicious web scripts into web pages, potentially tricking users into clicking on a malicious link and executing the malicious code in their web browser. Unauthenticated attackers can exploit this vulnerability, making it a significant security risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share