CVE-2024-11224
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-11224 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Parallax Image plugin for WordPress. This issue, present in all versions up to 1.9, allows authenticated attackers with Contributor-level access or higher to inject malicious scripts via the 'position' parameter. The insufficient input sanitization and output escaping in the plugin enable the attacker to execute their code whenever a user visits an injected page. Successful exploitation of this vulnerability can lead to unintended website functionality or data exposure. It is recommended that affected users update the plugin to the latest version as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.