CVE-2024-47625

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 5, 2024
CWE ID 79

Summary

CVE-2024-47625 identifies a stored Cross-site Scripting (XSS) vulnerability in the ThemeLooks Enter Addons plugin, affecting versions up to 2.1.8. This issue allows attackers to inject malicious scripts that can execute in the context of users accessing the affected web pages, potentially compromising user data and session integrity. The vulnerability requires low privileges and user interaction, with an exploitability score of 2.3 and a medium severity rating with a base score of 6.5 according to CVSS v3.1. To remediate this vulnerability, it is recommended that organizations update the Enter Addons plugin to the latest version available beyond 2.1.8 as outlined in available security patches. Failure to address this vulnerability could expose organizations to risks including unauthorized data access and manipulation through affected web applications.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share