CVE-2024-11606
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-11606 is a vulnerability affecting the Tabs Shortcode WordPress plugin up to version 2.0.2. This issue allows users with the contributor role and above to execute Stored Cross-Site Scripting attacks. The plugin does not properly validate and sanitize shortcode attributes before outputting them on a page or post where the shortcode is embedded. Attackers can exploit this vulnerability by injecting malicious scripts into the plugin's shortcode attributes, leading to potential data theft or site takeover. WordPress users are strongly advised to update to the latest version of the plugin to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.