CVE-2024-11605

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Dec 27, 2024

Summary

CVE-2024-11605 is a vulnerability affecting the wp-publications WordPress plugin before version 1.2. This issue allows high privilege users, including admins, to execute Stored Cross-Site Scripting (XSS) attacks. The plugin fails to properly escape filenames before outputting them on pages, creating an opportunity for malicious scripts to be injected and executed. In multisite setups, even with the unfiltered_html capability disallowed, this vulnerability can still pose a significant risk.
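The missing step described above is output escaping at the point where a filename is written into HTML. The PHP below is an added example, not the wp-publications plugin's code: the function names, the sample filenames and the example.test URL are hypothetical, and the two shims stand in for WordPress's esc_html() and esc_attr() when the file is run outside WordPress.

```php
<?php
// Added illustration; not code from the wp-publications plugin.
// Outside WordPress, stand in for esc_html()/esc_attr() with htmlspecialchars().
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Hypothetical "before": the filename is concatenated into markup as-is,
// so markup characters in a name become part of the page structure.
function list_files_unescaped(array $names, string $base_url): string {
    $out = "<ul>\n";
    foreach ($names as $name) {
        $out .= '<li><a href="' . $base_url . $name . '">' . $name . "</a></li>\n";
    }
    return $out . "</ul>\n";
}

// Hardened: encode for each output context. rawurlencode() for the URL path
// segment, esc_attr() for the attribute value, esc_html() for the link text.
function list_files_escaped(array $names, string $base_url): string {
    $out = "<ul>\n";
    foreach ($names as $name) {
        $href = $base_url . rawurlencode($name);
        $out .= '<li><a href="' . esc_attr($href) . '">' . esc_html($name) . "</a></li>\n";
    }
    return $out . "</ul>\n";
}

// Constructed sample input: one ordinary name, one containing markup characters.
$names = ['report-2024.pdf', 'draft"><u>markup.pdf'];
$base  = 'https://example.test/wp-content/uploads/';

echo "--- unescaped ---\n", list_files_unescaped($names, $base);
echo "--- escaped ---\n", list_files_escaped($names, $base);
```

In the unescaped output the second name closes the href attribute and opens a new element; in the escaped output the same name appears as inert text and a percent-encoded path segment.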
