CVE-2024-13010

Summary

CVE-2024-13010 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the WP Foodbakery plugin for WordPress. Versions up to and including 4.7 are impacted by this issue. The vulnerability stems from insufficient input sanitization and output escaping on the 'search_type' parameter. An attacker can exploit this weakness by injecting arbitrary web scripts, which can potentially harm users if they are tricked into clicking on a malicious link. Unauthenticated attackers can leverage this vulnerability to gain control over a user's web session or steal sensitive information. It is essential to update the plugin to a patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.