CVE-2024-12323

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 10, 2024
CWE ID 79

Summary

CVE-2024-12323 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the turboSMTP plugin for WordPress. The issue lies in the insufficient input sanitization and output escaping of the 'page' parameter, allowing unauthenticated attackers to inject arbitrary web scripts. Successful exploitation of this vulnerability requires users to perform an action, such as clicking on a malicious link, while logged in to turboSMTP. This can lead to the execution of malicious scripts in the user's web browser, potentially resulting in data theft or unauthorized account access. The vulnerability affects all versions up to and including 4.6.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share