CVE-2024-13319

Summary

CVE-2024-13319 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Themify Builder plugin for WordPress. Versions up to and including 7.6.5 are impacted by this issue. The vulnerability arises due to the plugin's use of add_query_arg without proper escaping on URLs. This allows unauthenticated attackers to inject arbitrary web scripts into pages by tricking users into taking specific actions, such as clicking on malicious links. Successful attacks could lead to the execution of malicious code and potential data breaches. Users are strongly encouraged to update the Themify Builder plugin to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.