CVE-2024-11429

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 5, 2024
CWE ID 98

Summary

CVE-2024-11429 is a local file inclusion vulnerability affecting the Free Responsive Testimonials plugin for WordPress. Versions up to and including 3.3.3 are vulnerable. This issue allows authenticated attackers with contributor-level access and above to execute arbitrary PHP files on the server by manipulating the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. Attackers can exploit this vulnerability to bypass access controls, obtain sensitive data, or execute malicious code, posing a significant threat to WordPress sites using the affected plugin.
