CVE-2024-12098
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Jan 7, 2025
CWE ID 79
Summary
CVE-2024-12098 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the ARS Affiliate Page Plugin for WordPress. The issue, present in all versions up to 2.0.2, stems from insufficient input sanitization and output escaping. This weakness enables unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation of this vulnerability requires users to perform a specific action, such as clicking on a malicious link, resulting in the execution of the injected code.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share