CVE-2024-12583
CVSS 3.1 Score 9.9 of 10 (high)
Details
Summary
CVE-2024-12583 is a Remote Code Execution and Arbitrary File Read vulnerability affecting the Dynamics 365 Integration plugin for WordPress. The issue, present in all versions up to 1.3.23, arises from insufficient input validation and sanitization in the render function. Authenticated attackers with Contributor-level access or higher can exploit it to execute server-side code or read arbitrary files, posing a significant security risk. Users are strongly advised to update the plugin to the latest version as soon as possible to mitigate this threat.