CVE-2024-13331

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 4, 2025

Summary

CVE-2024-13331 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the WP Dream Carousel WordPress plugin up to version 1.0.1b. This issue allows an attacker to inject malicious scripts into web pages viewed by other users, potentially gaining unauthorized access or stealing sensitive information from high privilege users such as admins. The plugin does not sanitise or escape user-supplied input before outputting it back to the page, making it susceptible to XSS attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2W0sHI
https://www.cve.org/CVERecord?id=CVE-2024-13331
https://nvd.nist.gov/vuln/detail/CVE-2024-13331

Back to Vulnerability Database

CVE-2024-13331

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations