CVE-2024-12468

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 24, 2024
Updated: Mar 1, 2025
CWE ID 79

Summary

CVE-2024-12468 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the WP Datepicker plugin for WordPress. Versions up to and including 2.1.4 are susceptible to this issue due to insufficient sanitization and output escaping of the 'wpdp_get_selected_datepicker' parameter. Unauthenticated attackers can exploit this vulnerability by injecting arbitrary web scripts, which are executed when a user performs certain actions like clicking on a malicious link. This puts users at risk of having their browsing sessions hijacked, sensitive information exposed, or other malicious activities carried out. It is highly recommended that users upgrade to the latest version of the plugin or disable it altogether as a temporary measure until a patch is released.
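Because the issue is reflected and triggered through a link, the injected value travels in the request URL and can be looked for in web server access logs. The following is an added detection sketch, not code from the plugin or from this advisory; it assumes combined-format access logs and that a legitimate value of the parameter never contains HTML metacharacters, and the log lines and the `/sample-page/` path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PARAM = "wpdp_get_selected_datepicker"  # parameter named in the advisory
# Assumption: a legitimate value never needs HTML metacharacters or a script URL.
SUSPICIOUS = re.compile(r"[<>\"'`]|javascript:", re.IGNORECASE)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for requests whose PARAM carries markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a parseable request line
        query = urlsplit(match.group(1)).query
        # parse_qsl performs the first round of percent-decoding.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == PARAM:
                decoded = fully_decode(value)
                if SUSPICIOUS.search(decoded):
                    hits.append((number, decoded))
    return hits

# Constructed sample entries (documentation IP ranges, hypothetical path).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Dec/2024:10:00:01 +0000] "GET /sample-page/?wpdp_get_selected_datepicker=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [24/Dec/2024:10:00:05 +0000] "GET /sample-page/?wpdp_get_selected_datepicker=%22%3E%3Cb%3Ex HTTP/1.1" 200 5130 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [24/Dec/2024:10:00:09 +0000] "GET /sample-page/?wpdp_get_selected_datepicker=%253Cb%253E HTTP/1.1" 200 5125 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [24/Dec/2024:10:00:12 +0000] "GET /sample-page/?other=%3Cb%3E HTTP/1.1" 200 5125 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {PARAM} carried markup: {value!r}")
```

Values sent in a POST body do not appear in standard access logs, so a clean result here only covers URL-borne requests.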
