CVE-2024-44043

Summary

CVE-2024-44043 is a recently disclosed Cross-site Scripting (XSS) vulnerability affecting the Photo Gallery plugin by 10Web. This issue, classified as Improper Neutralization of Input During Web Page Generation, allows an attacker to inject malicious scripts into a victim's webpage by exploiting a vulnerability in the plugin's code. Stored XSS attacks can persist even after the initial point of entry is patched, posing a significant risk. Versions of the Photo Gallery plugin from n/a through 1.8.27 are reportedly affected. Users are strongly encouraged to update their plugins as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.