CVE-2024-12256

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 7, 2025
CWE ID 79

Summary

CVE-2024-12256 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Simple Video Management System plugin for WordPress. Versions up to and including 1.0.4 are vulnerable due to insufficient input sanitization and output escaping of the 'analytics_video' parameter. An unauthenticated attacker can exploit this vulnerability by injecting arbitrary web scripts, which can be executed if a user is tricked into taking a specific action such as clicking on a malicious link. Successfully exploiting this vulnerability can lead to the injection of malicious code, potentially resulting in data theft or unauthorized access to user accounts. Users are advised to update to the latest version of the plugin or remove it altogether if it is no longer needed to mitigate this risk.
