CVE-2024-44039

Summary

CVE-2024-44039 is a Cross-Site Scripting (XSS) vulnerability affecting WP Travel, a popular WordPress plugin used for creating travel booking websites. The vulnerability, which permits Stored XSS, occurs due to improper neutralization of user input during web page generation. This issue can be exploited by attackers to inject malicious scripts into a user's web browser, potentially leading to unauthorized account access, data theft, or other malicious activities. WP Travel versions from n/a through 9.3.1 are reportedly impacted by this security flaw. Users are urged to update their plugins to the latest version as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.