CVSS 3.1 Score 5.4 of 10 (medium)


Published Feb 10, 2024
Updated: Feb 16, 2024


CVE-2024-24803 is a vulnerability categorized as CVE-79, which refers to the "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" vulnerability. It affects the Ultra Companion – Companion plugin for WPoperation Themes, specifically versions from n/a through 1.1.9. The vulnerability allows for Stored Cross-Site Scripting (XSS) attacks. The base severity is rated as MEDIUM, with a base score of 5.4 and an impact score of 2.7. The exploitability score is 2.3, and the privileges required are low with user interaction required. The attack vector is through the network, and the potential danger to an organization includes low integrity and confidentiality impacts. The availability impact is none.

To remediate this vulnerability, organizations should update their Ultra Companion – Companion plugin for WPoperation Themes to a version beyond 1.1.9 or apply any available patches provided by the vendor. This will help prevent potential attacks exploiting this vulnerability and reduce the risk posed to organizations utilizing this plugin.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-24803 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options