CVE-2024-11363
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-11363 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Related Posts by Taxonomy plugin for WordPress. Versions up to and including 1.0.16 are susceptible to this issue. The vulnerability arises due to the inadequate escaping of URLs in the use of add_query_arg and remove_query_arg functions. Attackers can exploit this flaw by injecting arbitrary web scripts into pages, which can execute if a user is tricked into performing a specific action, such as clicking on a malicious link. This vulnerability poses a significant security risk, potentially allowing unauthenticated attackers to gain unauthorized access or control over affected WordPress installations.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.