CVE-2024-11368

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 6, 2024
CWE ID 79

Summary

CVE-2024-11368 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Splash Sync plugin for WordPress. Versions up to and including 2.0.6 are impacted by this issue. Attackers can exploit this vulnerability by injecting arbitrary web scripts through the use of add_query_arg function without proper escaping on the URL. This allows unauthenticated attackers to trick users into performing an action, such as clicking on a malicious link, and execute the injected scripts on affected pages. Successful exploitation of this vulnerability can potentially lead to data theft, unauthorized access, or site defacement. Users are strongly advised to update to the latest version of the plugin to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share