CVE-2024-12260
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-12260 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Ultimate Endpoints With Rest Api plugin for WordPress. This issue, which exists in all versions up to and including 2.2.2, arises due to insufficient input sanitization and output escaping of the 'page' parameter. Consequently, unauthenticated attackers can inject arbitrary web scripts into pages, potentially gaining control over a user's session or stealing sensitive data. To exploit this vulnerability, an attacker must trick a user into performing an action, such as clicking on a malicious link.
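A log-triage check for this issue, added here as an example (it is not code from the plugin or from this advisory): it flags requests whose 'page' parameter contains anything other than a plain slug once percent-encoding is fully decoded. The slug allowlist, the log format, and the sample entries (including their request paths) are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate 'page' values are slug-shaped, so anything else is worth review.
SLUG = re.compile(r"^[A-Za-z0-9_.-]{1,100}$")
# Request target inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample entries; paths, addresses and values are illustrative only.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-admin/admin.php?page=example-settings HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jan/2025:10:00:05 +0000] "GET /wp-admin/admin.php?page=%22%3E%3Cb%3Emarker%3C%2Fb%3E HTTP/1.1" 200 5184',
    '203.0.113.9 - - [10/Jan/2025:10:00:09 +0000] "GET /wp-admin/admin.php?page=%2522%253E%253Cb%253Emarker HTTP/1.1" 200 5170',
    '203.0.113.4 - - [10/Jan/2025:10:00:12 +0000] "GET /index.php?paged=2 HTTP/1.1" 200 900',
]


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_page_values(log_line):
    """Return the decoded 'page' values in one log entry that are not slug-shaped."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    values = parse_qs(query).get("page", [])  # parse_qs already decodes once
    return [v for v in map(decode_fully, values) if not SLUG.match(v)]


def scan(lines):
    """Return (line_number, values) for every entry with a non-slug 'page' value."""
    hits = []
    for number, line in enumerate(lines, start=1):
        values = suspicious_page_values(line)
        if values:
            hits.append((number, values))
    return hits


if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: page={values!r}")
```

A hit means the request deserves review, not that script execution occurred; whether the value was reflected unescaped depends on the installed plugin version.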