CVE-2024-11012
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Summary
CVE-2024-11012: The Notibar plugin for WordPress, used to create custom notification bars, contains a vulnerability that allows authenticated attackers with Subscriber-level access or higher to execute arbitrary shortcodes. The root cause is that the plugin does not properly validate user input before passing it to the do_shortcode function during the AJAX request handled by the njt_nofi_text action. This vulnerability poses a significant security risk, since attackers can inject malicious content, potentially leading to data breaches or site takeover. Users are advised to update to the latest version of the plugin, or to disable it if it is not essential, to mitigate this risk.
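As an added illustration (not the Notibar plugin's own code and not taken from this advisory), the PHP below contrasts the vulnerable pattern the summary describes with a hardened AJAX handler. The `njt_nofi_text` action name comes from the advisory; every function, option and nonce name prefixed `example_` is an assumption made for this example, and the rest are WordPress core APIs.

```php
<?php
// Illustrative reconstruction of the pattern described in CVE-2024-11012.
// This is NOT the Notibar plugin's source. Only the njt_nofi_text action name
// comes from the advisory; all example_* names are hypothetical.

// --- Vulnerable pattern (shown for contrast) --------------------------------
// Every logged-in user, including Subscribers, can reach wp_ajax_* handlers.
// Nothing here verifies a nonce or a capability, and raw POST data is handed
// straight to do_shortcode(), so the caller chooses which shortcodes run.
function example_vulnerable_nofi_text() {
    $text = isset( $_POST['text'] ) ? wp_unslash( $_POST['text'] ) : '';
    echo do_shortcode( $text );
    wp_die();
}
// add_action( 'wp_ajax_njt_nofi_text', 'example_vulnerable_nofi_text' );

// --- Hardened form ------------------------------------------------------------
// Administrators save the notification text through a separate, protected
// endpoint; the render endpoint never expands shortcodes on request input.
function example_save_nofi_text() {
    // CSRF protection: the request must carry a nonce minted for this action.
    check_ajax_referer( 'example_nofi_text_nonce', 'nonce' );

    // Authorization: only users who may manage the site can change the bar.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // Constrain stored markup to post-safe HTML before it is persisted.
    $text = isset( $_POST['text'] ) ? wp_kses_post( wp_unslash( $_POST['text'] ) ) : '';
    update_option( 'example_nofi_text', $text );

    wp_send_json_success( array( 'saved' => true ) );
}
add_action( 'wp_ajax_example_save_nofi_text', 'example_save_nofi_text' );

function example_hardened_nofi_text() {
    // Nonce check still applies even though this endpoint only reads data.
    check_ajax_referer( 'example_nofi_text_nonce', 'nonce' );

    // Shortcode expansion is treated as a privileged operation: Subscribers
    // fail this check, which is the access boundary the advisory says was missing.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // Render only what an administrator previously stored, never $_POST input.
    $saved    = get_option( 'example_nofi_text', '' );
    $rendered = do_shortcode( wp_kses_post( $saved ) );

    wp_send_json_success( array( 'html' => $rendered ) );
}
add_action( 'wp_ajax_njt_nofi_text', 'example_hardened_nofi_text' );
```

The important design choice is the third step in the hardened handler: the fix is not merely escaping the input, because do_shortcode executes whatever handlers the shortcode tags name, so untrusted text must never reach it. A capability check plus a nonce gates who may trigger the expansion, and serving a stored, administrator-written value removes the user-controlled input path entirely. Operationally, requests to admin-ajax.php with action=njt_nofi_text from low-privilege accounts are the signal to watch for in web server or WAF logs while unpatched versions remain deployed.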