CVE-2024-13822

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 24, 2025
CWE ID 79

Summary

CVE-2024-13822: The Photo Contest plugin for WordPress, versions up to 2.8.1, is vulnerable to Reflected Cross-Site Scripting (XSS). This issue arises due to insufficient sanitization and escaping of user-supplied data. Attackers can exploit this vulnerability by injecting malicious scripts into the plugin's parameters, potentially gaining access to administrative accounts. This could lead to serious security consequences, particularly for high-privilege users such as admin users.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share