CVE-2024-12409

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 30, 2025
Updated: Feb 18, 2025
CWE ID 79

Summary

CVE-2024-12409: The Simple:Press Forum plugin for WordPress, in versions up to 6.10.11, has a Reflected Cross-Site Scripting (XSS) vulnerability. The issue stems from insufficient input sanitization and output escaping on the 's' parameter. An attacker can exploit this flaw by injecting malicious web scripts, which execute if a user is tricked into clicking on a malicious link. Unauthenticated attackers can leverage this vulnerability to gain unauthorized access or steal sensitive data.
