CVE-2024-13505

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jan 26, 2025
Updated: Feb 4, 2025
CWE ID 79

Summary

CVE-2024-13505 is a stored Cross-Site Scripting (XSS) vulnerability in the Survey Maker plugin for WordPress, affecting all versions up to and including 5.1.3.3. The issue arises from insufficient input sanitization and output escaping, and it allows authenticated attackers with administrator-level access to inject arbitrary web scripts into pages. It can be exploited only in multi-site installations and in installations where unfiltered_html has been disabled. Even so, it poses a significant risk, because the injected script executes whenever a user accesses an affected page. The vulnerability underscores the importance of proper input validation and output encoding as safeguards against XSS attacks.
