CVE-2024-11374
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-11374 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the TWChat plugin for WordPress. In versions up to 4.0.4, the plugin does not properly escape URLs when using the remove_query_arg function. This flaw allows unauthenticated attackers to inject arbitrary web scripts, which can execute if a user is tricked into performing an action such as clicking on a malicious link. Successful exploitation could result in data theft, unauthorized account access, or other malicious activities. Users of the TWChat plugin are strongly advised to update to the latest version as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.