CVE-2024-12290
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Jan 7, 2025
CWE ID 79
Summary
CVE-2024-12290 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Infility Global plugin for WordPress. Versions up to and including 2.9.8 are impacted by this issue. The root cause is insufficient input sanitization and output escaping in the 'set_type' parameter. An attacker can exploit this vulnerability by injecting arbitrary web scripts, allowing them to execute malicious code in the browser of an unsuspecting user. Successful exploitation requires the user to perform a specific action, such as clicking on a crafted link.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share