CVE-2024-11326

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 3, 2024
CWE ID 79

Summary

CVE-2024-11326 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Campaign Monitor Forms plugin for WordPress. Versions up to and including 2.5.7 are vulnerable to this issue. The flaw arises from the plugin's use of add_query_arg without proper escaping on URLs. Consequently, attackers can inject arbitrary web scripts into pages, potentially tricking users into executing malicious code by clicking on specially crafted links.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share