CVE-2024-13704

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 18, 2025

Updated: Feb 21, 2025

CWE ID 79

CWE ID 80

Summary

CVE-2024-13704 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Super Testimonials plugin for WordPress. Versions up to and including 4.0.1 are exposed due to insufficient input sanitization and output escaping of the 'st_user_title' parameter. This vulnerability allows unauthenticated attackers to inject malicious web scripts into pages. Once injected, these scripts will execute whenever an unsuspecting user accesses an affected page, potentially leading to data theft or unauthorized account access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2wN7hG
https://www.cve.org/CVERecord?id=CVE-2024-13704
https://nvd.nist.gov/vuln/detail/CVE-2024-13704

Back to Vulnerability Database

CVE-2024-13704

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations