CVE-2024-11413
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-11413 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the HostFact bestelformulier integratie plugin for WordPress. This issue, present in versions 1.1 and below, stems from inadequate input sanitization and output escaping on user-supplied attributes within the plugin's 'bestelformulier' shortcode. Authenticated attackers with contributor-level access or above can exploit this vulnerability to inject arbitrary web scripts into pages. These scripts will execute whenever an unsuspecting user accesses the manipulated page, posing a significant security risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.