CVE-2024-11854
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Published Dec 4, 2024
CWE ID 79
Summary
CVE-2024-11854 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Listdom – Business Directory and Classified Ads Listings plugin for WordPress. This issue, present in all versions up to 3.7.0, allows authenticated attackers with Contributor-level access or higher to inject malicious scripts. These scripts are executed whenever a user visits a specially crafted page, potentially leading to unintended actions or information disclosure. The root cause is insufficient input sanitization and output escaping of the 'shortcode' parameter.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share