CVE-2024-13867
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-13867 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Listivo - Classified Ads WordPress Theme. This issue, present in all versions up to 2.3.67, stems from insufficient input sanitization and output escaping. Attackers can exploit this vulnerability by injecting arbitrary web scripts via the 's' parameter. Successful exploitation allows attackers to execute malicious code on pages visited by users who perform a specific action, such as clicking on a malicious link. Unauthenticated attackers can leverage this vulnerability to gain unauthorized access or steal sensitive data. Users are urged to update to the latest version of the Listivo theme to mitigate this risk.
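For sites that cannot confirm when the theme was updated, web server logs can be reviewed for requests that carried markup in the 's' parameter. The following is an added example, not code from the advisory or the theme: the log lines are constructed, and the function names and matching patterns are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2025:10:00:01 +0000] "GET /?s=garden+chairs HTTP/1.1" 200 5120
203.0.113.9 - - [10/Feb/2025:10:00:07 +0000] "GET /?s=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5344
198.51.100.4 - - [10/Feb/2025:10:01:12 +0000] "GET /listings/?s=%2522%253E%253Csvg%2520onload%253D1%253E HTTP/1.1" 200 5290
198.51.100.7 - - [10/Feb/2025:10:02:30 +0000] "GET /?page=2&s=bikes+%3C+100 HTTP/1.1" 200 4980
"""

# Request target inside the quoted request line of a common/combined log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumed heuristics: a tag opener, an inline event-handler attribute, or a
# javascript: URL. A bare "<" (as in "bikes < 100") is deliberately not flagged.
MARKUP_RE = re.compile(r'<[a-z/!]|\bon\w+\s*=|javascript:', re.I)


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded markup is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_searches(log_text):
    """Return (client_ip, decoded_value) for requests whose 's' parameter carries markup."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs performs the first round of percent-decoding.
        for raw in parse_qs(query, keep_blank_values=True).get("s", []):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_searches(SAMPLE_LOG):
        print(f"{ip}\t{value!r}")
```

A hit shows that a crafted link was requested, not that a script ran in a visitor's browser; correlate hits with the referrer and the theme version installed at the time.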
Affected Vendors
- WordPress