CVE-2024-13626

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 17, 2025
Updated: Feb 19, 2025

Summary

CVE-2024-13626 is a reflected Cross-Site Scripting (XSS) vulnerability affecting the VR-Frases WordPress plugin. The plugin, used for collecting and sharing quotes, fails to sanitize and escape a user input parameter, which allows an attacker to inject malicious scripts into the webpage. The vulnerability poses a significant risk, particularly to high-privilege users such as administrators, who could be targeted when they click a specially crafted link or visit a malicious website. Successful exploitation could result in unauthorized access, data theft, or even complete site takeover. The plugin prior to version 3.0.1 is reported to be vulnerable. Users are advised to update the plugin, or remove it if it is no longer needed, to mitigate this risk.
