CVE-2024-11605
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Dec 27, 2024
Summary
CVE-2024-11605 is a vulnerability affecting the wp-publications WordPress plugin before version 1.2. It allows high-privilege users, including admins, to perform Stored Cross-Site Scripting (XSS) attacks. The plugin does not properly escape filenames before outputting them on pages, so a script placed in a filename can be injected into the page and executed. In multisite setups, this vulnerability can still pose a significant risk even when the unfiltered_html capability is disallowed.