CVE-2024-12258
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-12258 is a reflected Cross-Site Scripting (XSS) vulnerability in the WP Service Payment Form With Authorize.net plugin for WordPress. Versions up to and including 2.6.3 do not adequately sanitize and escape user input supplied in the 'page' parameter. As a result, unauthenticated attackers can inject arbitrary web scripts into pages, which run when a user is persuaded to perform an action such as clicking on a malicious link. This vulnerability poses a significant threat to WordPress sites using this plugin and warrants immediate attention and remediation.
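A log-triage check for the 'page' parameter described above, as an added example that is not part of the original advisory or the plugin's code. It assumes common/combined-format access logs and that legitimate 'page' values contain only letters, digits, '_', '.' and '-'; the sample log lines, paths and addresses are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Assumption: legitimate `page` values are slugs or page numbers.
SAFE_PAGE = re.compile(r"[A-Za-z0-9_.-]*")
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Dec/2024:10:00:01 +0000] "GET /index.php?page=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Dec/2024:10:00:05 +0000] '
    '"GET /index.php?page=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5200',
    '203.0.113.5 - - [10/Dec/2024:10:00:09 +0000] '
    '"GET /index.php?page=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5180',
    '192.0.2.10 - - [10/Dec/2024:10:00:12 +0000] "GET /index.php?p=12 HTTP/1.1" 200 4096',
]


def page_values(target):
    """Return the decoded values of every `page` parameter in a request target."""
    values = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name == "page":
            # parse_qsl decodes once; decode again to normalise double encoding.
            values.append(unquote_plus(value))
    return values


def suspicious_requests(log_lines):
    """Return (client, decoded page value) for values outside the allowlist."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if match is None:
            continue  # not a parseable request line
        for value in page_values(match.group("target")):
            if not SAFE_PAGE.fullmatch(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client}\tpage={value!r}")
```

A hit means a request carried markup-like input in 'page', not that a script ran in anyone's browser; use it to scope review on sites still running 2.6.3 or earlier.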