CVE-2024-49294
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-12633 is a reflected cross-site scripting (XSS) vulnerability in the JoomSport plugin for WordPress. Versions up to 5.6.17 are vulnerable. The 'page' parameter is reflected with insufficient input sanitization and output escaping, so an attacker can inject malicious scripts through it. Unauthenticated attackers can use this flaw to execute arbitrary web scripts, potentially gaining control over users' browsers or stealing sensitive information. Users are advised to update the JoomSport plugin to a patched version as soon as possible to mitigate this risk.
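For sites that cannot patch immediately, the following added example (not code from the plugin or from this advisory) reviews web access logs for 'page' values that carry markup. It assumes combined-format log lines and that legitimate 'page' values are slug-like; the request paths, addresses and values in the sample lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: legitimate 'page' values are slug-like (letters, digits, '_', '-').
SAFE_PAGE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_page_values(log_lines):
    """Return (line_no, decoded_value) for each 'page' value outside the allow-list."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs already percent-decodes once; fully_decode handles extra layers.
        for value in parse_qs(query, keep_blank_values=True).get("page", []):
            decoded = fully_decode(value)
            if not SAFE_PAGE.fullmatch(decoded):
                hits.append((line_no, decoded))
    return hits

# Constructed sample log lines (placeholder paths, not from any real system).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /example.php?page=results HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /example.php?page=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /example.php?page=%2522%253Cb%253E HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] "GET /?s=match+results HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for line_no, value in suspicious_page_values(SAMPLE_LOG):
        print(f"line {line_no}: page={value!r}")
```

Hits are candidates for review, not confirmed exploitation; widen `SAFE_PAGE` if the site uses other legitimate 'page' values.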