CVE-2024-5029
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-5029 is a vulnerability affecting the CM Table Of Contents WordPress plugin before version 1.2.4. This issue allows attackers to execute Stored Cross-Site Scripting (XSS) attacks against logged-in admin users. The flaw stems from the lack of Cross-Site Request Forgery (CSRF) protection and insufficient input sanitization and escaping when updating plugin settings. As a result, adversaries can inject malicious scripts, potentially leading to unauthorized access or data theft. It is crucial for WordPress users to update the plugin to its latest version to mitigate this risk.
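The three controls the summary names as missing (a CSRF check, input sanitization, output escaping), shown on a settings handler as an added example. This is not the CM Table Of Contents plugin's code: the option, action, field and function names and the `example-toc` page slug are hypothetical, and the file is assumed to be loaded as part of a WordPress plugin.

```php
<?php
// Hypothetical settings page for illustration; not the CM Table Of Contents code.
// Option, action, field and function names below are assumptions.

const EXAMPLE_TOC_OPTION = 'example_toc_label';
const EXAMPLE_TOC_ACTION = 'example_toc_save';

// Render the settings form. The nonce field ties the form to this action
// and to the current admin's session.
function example_toc_render_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $label = get_option( EXAMPLE_TOC_OPTION, '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( EXAMPLE_TOC_ACTION ); ?>">
        <?php wp_nonce_field( EXAMPLE_TOC_ACTION, 'example_toc_nonce' ); ?>
        <!-- Escape on output so a stored value is rendered as text, not markup. -->
        <input type="text" name="label" value="<?php echo esc_attr( $label ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handle the settings update posted to admin-post.php.
function example_toc_save_settings() {
    // Authorization: only administrators may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // CSRF check: stops the request unless it carries the nonce issued above,
    // so a forged cross-site form submission is rejected.
    check_admin_referer( EXAMPLE_TOC_ACTION, 'example_toc_nonce' );

    // Sanitize on input: strip tags and control characters before storing.
    $raw = isset( $_POST['label'] ) ? wp_unslash( $_POST['label'] ) : '';
    update_option( EXAMPLE_TOC_OPTION, sanitize_text_field( $raw ) );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-toc' ) );
    exit;
}
add_action( 'admin_post_' . EXAMPLE_TOC_ACTION, 'example_toc_save_settings' );
```

When reviewing a plugin for this class of flaw, check that every state-changing handler has both the capability check and the nonce check, and that every stored setting passes through an `esc_*` function at the point where it is printed.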
Affected Products
- Linux Kernel
Affected Vendors
- LINUX