CVE-2024-29810

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Mar 26, 2024

Updated: Aug 2, 2024

CWE ID 79

Summary

CVE-2024-29810 is a Cross Site Scripting (XSS) vulnerability affecting the thumb_url parameter in an AJAX call to the editimage_bwg action of admin-ajax.php. An attacker can exploit this issue by injecting malicious JavaScript code into the thumb_url parameter value, which is then embedded within an existing JavaScript in the response. This allows the attacker to execute arbitrary JavaScript in the context of the targeted, authenticated user with permissions to access this component.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vCvXvS
https://www.cve.org/CVERecord?id=CVE-2024-29810
https://nvd.nist.gov/vuln/detail/CVE-2024-29810

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2024-29810

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations