CVE-2024-12583

CVSS 3.1 Score 9.9 of 10 (high)

Details

Published Jan 4, 2025
CWE ID 1336

Summary

CVE-2024-12583 is a Remote Code Execution and Arbitrary File Read vulnerability affecting the Dynamics 365 Integration plugin for WordPress. This issue, present in all versions up to 1.3.23, arises due to insufficient input validation and sanitization on the render function. Authenticated attackers with Contributor-level access or higher can exploit this vulnerability to execute server-side code or read arbitrary files, posing a significant security risk. It is strongly recommended that users update the plugin to the latest version as soon as possible to mitigate this threat.
