CVE-2024-13624

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 26, 2025

Summary

CVE-2024-13624 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the WPMovieLibrary WordPress plugin before version 2.1.4.8. The issue arises from insufficient input validation, which allows an attacker to inject malicious scripts into web pages viewed by high-privilege users, such as admins. Because the parameter is neither sanitized nor escaped, attackers can potentially steal sensitive information, manipulate user sessions, or perform other unauthorized actions. Opportunistic attackers could exploit this flaw by tricking users into visiting a specially crafted webpage, which lets them execute malicious code within the user's browser. To mitigate this risk, users should update their WPMovieLibrary plugin to the latest version or consider disabling it until a patch is available.
