CVE-2024-12173
CVSS 3.1 Score 3.5 of 10 (low)
Details
Summary
CVE-2024-12173 is a vulnerability affecting the Master Slider WordPress plugin before version 3.10.5. The issue arises from the plugin's failure to properly sanitize and escape some of its settings. This can allow high-privilege users, such as Editors and above, to execute Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is restricted, particularly in multisite setups. This vulnerability poses a significant security risk as it enables attackers to inject malicious scripts into a website, potentially leading to data theft, unauthorized access, or other malicious activities.
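The bug class described above, shown as an added illustration that is not Master Slider's code: a setting echoed raw next to the same setting sanitized on save and escaped on output. The option name, settings group, shortcode and function names are hypothetical; only the WordPress core functions are real.

```php
<?php
// Added example. Every demo_* name is hypothetical; the WordPress
// functions called here (get_option, register_setting, wp_kses_post,
// esc_attr, wp_strip_all_tags, add_shortcode) are core APIs.

// Vulnerable pattern: the value is stored exactly as submitted and
// printed raw, so markup saved by an Editor is served to every visitor.
function demo_caption_unsafe() {
    return '<div class="demo-caption">'
        . get_option( 'demo_slider_caption', '' )
        . '</div>';
}

// Hardened pattern, part 1: filter when the setting is saved.
// wp_kses_post() keeps only the markup allowed in post content, which
// is what a user without unfiltered_html may submit. Filtering for
// every role means the result does not depend on who saved the value.
function demo_sanitize_caption( $value ) {
    return wp_kses_post( (string) $value );
}

add_action( 'admin_init', function () {
    register_setting(
        'demo_slider_group',          // hypothetical settings group
        'demo_slider_caption',        // hypothetical option name
        array(
            'type'              => 'string',
            'sanitize_callback' => 'demo_sanitize_caption',
            'default'           => '',
        )
    );
} );

// Hardened pattern, part 2: escape for each output context, even
// though the value was filtered on save. Rows written before the
// sanitizer existed, or changed directly in the database, are still
// neutralised here.
function demo_caption_safe() {
    $caption = (string) get_option( 'demo_slider_caption', '' );
    $title   = esc_attr( wp_strip_all_tags( $caption ) ); // attribute context
    $body    = wp_kses_post( $caption );                  // HTML body context
    return '<div class="demo-caption" title="' . $title . '">' . $body . '</div>';
}
add_shortcode( 'demo_slider_caption', 'demo_caption_safe' );
```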
Affected Products
- Master Slider Plugin
Affected Vendors
- WordPress