CVE-2024-12160
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-12160 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Seraphinite Bulk Discounts plugin for WordPress in versions up to 2.4.6. The issue stems from the use of add_query_arg without proper escaping in the plugin's URL handling. This flaw allows unauthenticated attackers to inject malicious web scripts into pages; the attacker's code executes when a user is tricked into clicking a malicious link. Successful exploitation of this vulnerability could lead to stolen user data, site defacement, or further compromises. Users are advised to update the plugin to the latest version or consider removing it if it's no longer necessary.
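The pattern named in the summary, as an added example that is not the plugin's own code: a hypothetical link renderer that echoes add_query_arg() output raw, beside the same output wrapped in esc_url(). The names render_link_unsafe and render_link_safe, the tab parameter and the request URI are assumptions, and the two function_exists stand-ins are simplified so the file also runs under plain php.

```php
<?php
// Added example: hypothetical plugin code, not taken from Seraphinite Bulk Discounts.
// Simplified stand-ins so the file runs under the php CLI; inside WordPress
// the real add_query_arg() and esc_url() are used instead.
if (!function_exists('add_query_arg')) {
    function add_query_arg($key, $value) {
        // Like the real function when no URL is passed: starts from the
        // current request URI, which the requester controls.
        $uri = $_SERVER['REQUEST_URI'];
        $sep = strpos($uri, '?') === false ? '?' : '&';
        return $uri . $sep . $key . '=' . $value;
    }
}
if (!function_exists('esc_url')) {
    function esc_url($url) {
        // Simplified: the real esc_url() also restricts protocols and
        // strips characters that are invalid in a URL.
        return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    }
}

// Vulnerable pattern: the request-derived URL lands in an HTML attribute
// unescaped, so a quote in the URI closes the attribute and the rest is
// parsed as markup.
function render_link_unsafe() {
    return '<a href="' . add_query_arg('tab', 'rules') . '">Rules</a>';
}

// Hardened pattern: escape at the point of output.
function render_link_safe() {
    return '<a href="' . esc_url(add_query_arg('tab', 'rules')) . '">Rules</a>';
}

// Constructed request URI with a harmless marker tag after a double quote.
$_SERVER['REQUEST_URI'] = '/wp-admin/admin.php?page=demo&x="><b>marker</b>';

echo render_link_unsafe(), "\n"; // marker tag breaks out of the href attribute
echo render_link_safe(), "\n";   // marker stays inside the attribute as text
```

When auditing a plugin, search for add_query_arg() and remove_query_arg() calls whose return value reaches echo or an attribute without esc_url() around it.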