CVE-2024-11683
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-11683 is a Reflected Cross-Site Scripting (XSS) vulnerability in the Newsletter Subscriptions plugin for WordPress. Versions up to and including 2.1 are vulnerable due to insufficient input sanitization and output escaping of the 'token_type' parameter, which is the attack vector. Unauthenticated attackers can inject arbitrary web scripts into pages; the scripts execute if the attacker can trick a user into clicking a malicious link. This vulnerability poses a serious security risk, as it allows code injection in the user's browser and potential data theft or website defacement. Users should update to the latest version of the plugin as soon as possible to mitigate this threat.