CVE-2024-11765

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Dec 12, 2024
CWE ID 79

Summary

CVE-2024-11765 is a stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress Portfolio Plugin. This plugin, used for creating filterable portfolio grids and sliders, is susceptible to XSS attacks due to insufficient input sanitization and output escaping on user-supplied attributes in the 'gs_portfolio' shortcode. Contributor-level users and above can exploit this vulnerability by injecting arbitrary web scripts that will execute when a user accesses an injected page. The vulnerability exists in all versions up to and including 1.6.3.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share