CVE-2024-11921

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Dec 27, 2024

Summary

CVE-2024-11921 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the GiveWP WordPress plugin before version 3.19.0. The plugin fails to properly sanitize and escape a user-supplied parameter, so an attacker can inject malicious scripts into pages viewed by high-privilege users such as admins, potentially leading to unauthorized access or data theft. WordPress websites running an outdated version of the GiveWP plugin remain exposed to this risk. Users are advised to update their GiveWP plugin to the latest version to mitigate it.
