CVE-2024-12529

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Jan 25, 2025

CWE ID 79

Summary

CVE-2024-12529 is a stored Cross-Site Scripting (XSS) vulnerability affecting the BrodosOnlineshop Plugin for WordPress. This issue, present in versions up to 2.0.2, allows authenticated attackers with contributor-level access or higher to inject malicious scripts into the 'BrodosCategory' shortcode. The insufficient input sanitization and output escaping on user-supplied attributes make it possible for the attacker to execute arbitrary web scripts whenever a user accesses an injected page. This vulnerability poses a significant risk to websites using the affected plugin and requires immediate patching.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1fG02W
https://www.cve.org/CVERecord?id=CVE-2024-12529
https://nvd.nist.gov/vuln/detail/CVE-2024-12529

Back to Vulnerability Database

CVE-2024-12529

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations