CVE-2024-12872

Summary

CVE-2024-12872 is a vulnerability affecting the Zalomení WordPress plugin before version 1.6. This issue allows high privilege users, including administrators, to execute Stored Cross-Site Scripting (XSS) attacks. The plugin fails to sanitize and escape certain settings, enabling attackers to inject malicious scripts even if the unfiltered_html capability is disabled, particularly in multisite setups. This vulnerability poses a significant risk to websites running the affected plugin, potentially leading to unauthorized access or data breaches. Users are advised to update to the latest version of the plugin as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.