CVE-2024-11367
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-11367: The Smoove connector for Elementor forms plugin in WordPress, affecting versions up to 4.1.0, is susceptible to Reflected Cross-Site Scripting (XSS) attacks. This vulnerability arises due to the improper use of add_query_arg without adequate escaping on URLs. An attacker can exploit this flaw by injecting malicious scripts, which can be executed if a user is tricked into performing a specific action, like clicking on a malicious link. Unauthenticated attackers can leverage this vulnerability to compromise WordPress websites using the Smoove connector for Elementor forms plugin.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.