CVE-2024-11827
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-11827 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Out of the Block: OpenStreetMap plugin for WordPress. This issue, which exists in all versions up to 2.8.3, stems from insufficient sanitization and escaping of user-supplied attributes in the plugin's ootb_query shortcode. Authenticated attackers with contributor-level access or higher can leverage this vulnerability to inject arbitrary web scripts into pages. These scripts will then execute each time a user accesses an injected page, posing a significant risk to website security and user privacy.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.