CVE-2024-12024

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 17, 2024
Updated: Jan 10, 2025
CWE ID 79

Summary

CVE-2024-12024 is a stored Cross-Site Scripting (XSS) vulnerability in the EventPrime plugin for WordPress. It affects all versions up to 4.0.5.3 and allows unauthenticated attackers to inject arbitrary web scripts through the em_ticket_category_data and em_ticket_individual_data parameters. The injected scripts execute when an administrative user accesses an injected page. This vulnerability is significant because it can lead to the execution of malicious code, potentially granting attackers access to sensitive information or enabling further attacks. Exploitation requires the "Guest Submissions" setting to be enabled; this setting is disabled by default.
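A defender-side check for the two parameters named above, as an added example that is not EventPrime's or the advisory's own code: it scans form-encoded request bodies (for instance from a WAF or request log) and flags either parameter when it carries script-capable markup, including markup hidden behind an extra layer of encoding. The body encoding, the JSON-like values, the `event_name` field and the markup heuristics are assumptions of this example.

```python
import html
import re
from urllib.parse import parse_qs, quote, unquote, urlencode

# Parameter names taken from the advisory text.
WATCHED_PARAMS = ("em_ticket_category_data", "em_ticket_individual_data")

# Heuristic markers of script-capable markup (assumption, not an exhaustive list).
MARKUP = re.compile(r"<\s*/?\s*[a-z][^>]*>|\bon[a-z]+\s*=|javascript\s*:", re.I)


def normalise(value, rounds=3):
    """Undo layered percent- and HTML-entity encoding before matching."""
    for _ in range(rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(body):
    """Return the watched parameters in a form-encoded body that carry markup."""
    fields = parse_qs(body, keep_blank_values=True)
    hits = []
    for name in WATCHED_PARAMS:
        if any(MARKUP.search(normalise(v)) for v in fields.get(name, [])):
            hits.append(name)
    return hits


# Constructed sample bodies; field layout and values are assumptions.
TAG = "<script>alert(1)</script>"
SAMPLES = [
    # Plain ticket data, no markup.
    urlencode({"event_name": "Spring Meetup",
               "em_ticket_category_data": '[{"name":"VIP","capacity":"50"}]'}),
    # Markup placed directly in a ticket name.
    urlencode({"em_ticket_individual_data": '[{"name":"%s"}]' % TAG}),
    # Same markup with an extra layer of percent-encoding.
    urlencode({"em_ticket_category_data": '[{"name":"%s"}]' % quote(TAG)}),
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(suspicious_params(body) or "clean", "<-", body[:60])
```

A hit means the request deserves review, not that it was stored or rendered; sites that do not need "Guest Submissions" keep it at its disabled default.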
