CVE-2024-11204
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Dec 6, 2024
CWE ID 79
Summary
CVE-2024-11204 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the ForumWP plugin for WordPress. Versions up to and including 2.1.2 are impacted. The issue stems from insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject arbitrary web scripts. By tricking users into performing an action, such as clicking on a malicious link, attackers can execute the injected scripts and potentially gain control over user sessions or steal sensitive data.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share