CVE-2024-13504

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jan 31, 2025
CWE ID 79

Summary

CVE-2024-13504 is a stored Cross-Site Scripting (XSS) vulnerability in the Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress. Versions up to and including 1.7.42 are affected. Unauthenticated attackers can exploit it by uploading malicious dfxp files, which lets them inject arbitrary web scripts that execute whenever a user accesses the uploaded file. The issue only affects Apache-based environments, where dfxp files are handled by default. Successful exploitation can result in significant security risks, including data theft and unauthorized access. WordPress users are advised to update the plugin to the latest version as soon as possible to mitigate this threat.
