CVE-2024-12567

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jan 13, 2025

Summary

CVE-2024-12567 is a stored XSS vulnerability affecting the Email Subscribers by Icegram Express WordPress plugin before version 5.7.45. It allows high-privilege users, including admins, to inject malicious scripts into form settings, bypassing the unfiltered_html capability restriction in multisite setups. This could lead to unauthorized access or data theft, underscoring the importance of keeping WordPress plugins up to date to mitigate such risks.
