CVE-2024-11203
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Published Nov 28, 2024
CWE ID 79
Summary
CVE-2024-11203 is a stored cross-site scripting (XSS) vulnerability affecting the EmbedPress plugin for WordPress. The issue lies in the insufficient input sanitization and output escaping of the 'provider_name' parameter in all versions up to 4.1.3. This flaw enables authenticated attackers, with Contributor-level access and above, to inject malicious scripts into pages. Upon accessing an injected page, the web scripts are executed, potentially compromising user data or leading to unauthorized actions.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share