CVE-2024-12189
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-12189 is a stored Cross-Site Scripting (XSS) vulnerability affecting the WDesignKit plugin for WordPress. This issue, present in all versions up to 1.2.2, allows authenticated attackers with Contributor-level access or higher to inject malicious scripts into custom widgets. The insufficient sanitization and output escaping in the plugin enable the attacker's scripts to be stored and executed whenever a user visits an injected page. This vulnerability could lead to unintended content being displayed, unauthorized access, or sensitive data exposure. It is crucial for users to update the plugin to a patched version as soon as possible to mitigate this risk.