CVE-2024-13517

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Jan 18, 2025

CWE ID 79

Summary

CVE-2024-13517 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Easy Digital Downloads plugin for WordPress, versions up to and including 3.3.2. Malicious scripts can be injected into the Title value, exploited by authenticated attackers with administrator-level access. This vulnerability potentially allows the execution of arbitrary web scripts on pages visited by users, posing a significant security risk. The threat is limited to multi-site installations and installations where the unfiltered_html option has been disabled.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2j3s5r
https://www.cve.org/CVERecord?id=CVE-2024-13517
https://nvd.nist.gov/vuln/detail/CVE-2024-13517

Back to Vulnerability Database

CVE-2024-13517

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations