CVSS 3.1 Score 5.4 of 10 (medium)


Published Mar 26, 2024


CVE-2024-29810 is a vulnerability that affects the thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php. This vulnerability allows for reflected Cross Site Scripting (XSS), where arbitrary JavaScript can be inserted and executed. To exploit this vulnerability, the attacker must target an authenticated user with permissions to access this component. The risk score for this vulnerability is 25, indicating a medium severity level. The base score is 5.4, with low privileges required and user interaction being required. The attack vector is through the network, and both integrity impact and confidentiality impact are low. The availability impact is none. Remediation for this vulnerability would involve implementing proper input validation and sanitization techniques to prevent XSS attacks.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-29810 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options