CVE-2024-11827

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Dec 13, 2024
CWE ID 79

Summary

CVE-2024-11827 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Out of the Block: OpenStreetMap plugin for WordPress. This issue, which exists in all versions up to 2.8.3, stems from insufficient sanitization and escaping of user-supplied attributes in the plugin's ootb_query shortcode. Authenticated attackers with contributor-level access or higher can leverage this vulnerability to inject arbitrary web scripts into pages. These scripts will then execute each time a user accesses an injected page, posing a significant risk to website security and user privacy.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share