CVE-2024-11202

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 26, 2024
CWE ID 79

Summary

CVE-2024-11202: Multiple WordPress plugins are susceptible to Reflected Cross-Site Scripting (XSS) attacks. The vulnerability stems from insufficient sanitization and output escaping of the cminds_free_guide shortcode. Unauthenticated attackers can inject arbitrary web scripts, which execute when users perform specific actions like clicking on a crafted link, potentially leading to hijacking user sessions or data theft.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share