CVE-2024-12768
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-12768 is a stored cross-site scripting (XSS) vulnerability affecting the Responsive iframe WordPress plugin up to version 1.2.0. It allows users with contributor-level access or higher to inject malicious scripts into a page or post where the iframe block is embedded. The plugin fails to validate and escape certain block options, so the injected scripts are stored with the content and run in the browsers of users who visit the affected page. Successful exploitation could result in data theft, unauthorized account access, or further compromise of the WordPress installation. Users are advised to update the plugin to the latest version as soon as possible to mitigate the risk.