CVE-2024-11010
CVSS 3.1 Score 7.2 of 10 (high)
Details
Summary
CVE-2024-11010 is a vulnerability affecting the FileOrganizer – Manage WordPress and Website Files plugin for WordPress. The issue allows authenticated attackers with Administrator-level access or higher to include and execute arbitrary JavaScript files on the server through the 'default_lang' parameter. This Local JavaScript File Inclusion vulnerability can be exploited to bypass access controls, obtain sensitive data, or execute code, posing a significant security risk. The vulnerability exists in all versions up to and including 1.1.4 and should be addressed by updating to the latest version or applying a patch.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.