CVE-2024-47380

Summary

CVE-2024-47627 is a newly identified Cross-Site Scripting (XSS) vulnerability affecting the WP Travel WP Travel Gutenberg Blocks plugin. The issue arises due to improper neutralization of user inputs during web page generation. An attacker can inject malicious scripts into a website, allowing them to execute arbitrary code in users' browsers. This vulnerability can be exploited to steal sensitive information, perform unauthorized actions, or redirect users to malicious websites. The affected versions of WP Travel Gutenberg Blocks range from n/a to 3.6.0. Users are advised to upgrade to the latest version or deactivate the plugin as a temporary measure, while they apply the necessary fix.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.