CVE-2024-11202
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Nov 26, 2024
CWE ID 79
Summary
CVE-2024-11202: Multiple WordPress plugins are susceptible to Reflected Cross-Site Scripting (XSS) attacks. The vulnerability stems from insufficient sanitization and output escaping of the cminds_free_guide shortcode. Unauthenticated attackers can inject arbitrary web scripts, which execute when users perform specific actions like clicking on a crafted link, potentially leading to hijacking user sessions or data theft.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share