CVE-2024-24804
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-24804 is a Cross-site Scripting (XSS) vulnerability affecting MW WP Form, a plugin used for creating forms in WordPress websites. The issue lies in the improper neutralization of user input during web page generation. Attackers can exploit this vulnerability to execute malicious scripts on affected websites, potentially stealing sensitive user data or taking control of the site. Affected versions of MW WP Form range from not available to 5.0.6. It is highly recommended that users update their plugins to the latest, secure version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.