CVSS 3.1 Score 6.4 of 10 (medium)


Published Mar 20, 2024


CVE-2024-2304 is a vulnerability found in the Animated Headline plugin for WordPress, affecting all versions up to and including 4.0. The vulnerability allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts into pages using the plugin's 'animated-headline' shortcode. Insufficient input sanitization and output escaping on user supplied attributes make it possible for the injected scripts to execute whenever a user accesses an affected page. The risk score for this vulnerability is 25, with a base severity of MEDIUM and a base score of 6.4. The exploitability score is 3.1, indicating a relatively low difficulty in exploiting the vulnerability. The potential danger posed to organizations includes the execution of malicious scripts and potential compromise of confidentiality and integrity, although the impact scores for these factors are low (2.7). Remediation for this vulnerability would involve updating to a version of the plugin that addresses the input sanitization and output escaping issues.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-2304 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options