CVE-2024-11287

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 21, 2024
Updated: Feb 28, 2025
CWE ID 79

Summary

CVE-2024-11287 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Ebook Store plugin for WordPress. Versions up to and including 5.8001 are impacted. The plugin uses the add_query_arg function without proper escaping of the URL, which lets attackers inject arbitrary web scripts into pages. Successful exploitation requires a user to perform an action such as clicking on a malicious link, which puts them at risk of having their browsing session hijacked or sensitive information stolen.
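A heuristic audit check for the pattern described above, as an added example that is not part of the advisory or the plugin's code: it flags add_query_arg() calls (and, going beyond the page, the sibling WordPress function remove_query_arg()) whose result is not wrapped directly in esc_url() or esc_url_raw(). The PHP sample and the helper names are constructed for illustration.

```python
import re

# URL builders that fall back to the current request URI when no URL is passed.
BUILDERS = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
# WordPress helpers that make a URL safe to print (esc_url) or store/redirect (esc_url_raw).
ESCAPERS = {"esc_url", "esc_url_raw"}
IDENT_BEFORE = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)\s*$")

# Constructed PHP sample: lines 3 and 5 are unescaped, lines 4 and 6 are hardened.
SAMPLE_PHP = """<?php
// Constructed sample, not the plugin's code.
echo '<a href="' . add_query_arg( 'page', 2 ) . '">Next</a>';
echo '<a href="' . esc_url( add_query_arg( 'page', 2 ) ) . '">Next</a>';
printf( '<form action="%s">', remove_query_arg( 'step' ) );
printf( '<form action="%s">', esc_url( remove_query_arg( 'step' ) ) );
"""


def is_wrapped(source, pos):
    """Walk left from pos; True if any enclosing call in the statement is an escaper."""
    depth = 0
    i = pos - 1
    while i >= 0:
        ch = source[i]
        if ch == ")":
            depth += 1              # a closed group to the left, skip over it
        elif ch == "(":
            if depth:
                depth -= 1
            else:                   # this paren encloses the builder call
                m = IDENT_BEFORE.search(source[:i])
                if m and m.group(1) in ESCAPERS:
                    return True
        elif ch in ";{}" and depth == 0:
            break                   # reached the start of the statement
        i -= 1
    return False


def find_unescaped(source):
    """Return (line, function) for each builder call with no enclosing escaper."""
    findings = []
    for m in BUILDERS.finditer(source):
        if not is_wrapped(source, m.start()):
            findings.append((source.count("\n", 0, m.start()) + 1, m.group(1)))
    return findings


if __name__ == "__main__":
    for line, func in find_unescaped(SAMPLE_PHP):
        print(f"line {line}: {func}() output is not passed through esc_url()")
```

A call whose result is stored in a variable and escaped later is still flagged, so treat each finding as a line to review by hand.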
