CVE-2024-13098

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 1, 2025

Updated: Feb 4, 2025

Summary

CVE-2024-13098 is a Reflected Cross-Site Scripting vulnerability affecting the WordPress Email Newsletter plugin before version 1.1. Malicious scripts can be injected into a parameter and reflected back onto the page, posing a threat to high privilege users such as admin. The plugin fails to sanitize and escape the user input, making it susceptible to this attack. Successful exploitation could lead to unauthorized access or data theft. Users are strongly advised to update the plugin to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2ErrJ2
https://www.cve.org/CVERecord?id=CVE-2024-13098
https://nvd.nist.gov/vuln/detail/CVE-2024-13098

Back to Vulnerability Database

CVE-2024-13098

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations