CVE-2024-13115

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 4, 2025

Summary

CVE-2024-13115 is a vulnerability affecting the WP Projects Portfolio with Client Testimonials WordPress plugin. The plugin lacks Cross-Site Request Forgery (CSRF) checks and has insufficient sanitization and escaping in certain areas, which permits attackers to inject Stored XSS payloads. Successful exploitation could inject malicious scripts into web pages viewed by other users, which could have serious security consequences. Users should update the plugin to a version that addresses this vulnerability as soon as possible.
