CVE-2024-11098

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 19, 2024
CWE ID 79

Summary

CVE-2024-11098 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the SVG Block plugin for WordPress. This issue, present in versions up to and including 1.1.24, allows authenticated attackers with Administrator-level access to inject malicious scripts into SVG files via the REST API. These scripts are then executed whenever a user accesses the affected file, posing a significant security risk. The root cause of this vulnerability lies in insufficient input sanitization and output escaping, enabling attackers to manipulate the SVG data and introduce malicious code.
