CVE-2024-13055

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jan 27, 2025

Summary

CVE-2024-13055 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Dyn Business Panel WordPress plugin before version 1.0.0. This issue arises due to insufficient input validation, allowing attackers to inject malicious scripts into the page and potentially gain administrative privileges by exploiting unsuspecting high-level users. The unsanitised and escaped parameter output is the root cause, making it crucial for users to update the plugin to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2C41Kc
https://www.cve.org/CVERecord?id=CVE-2024-13055
https://nvd.nist.gov/vuln/detail/CVE-2024-13055

Back to Vulnerability Database

CVE-2024-13055

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations