CVE-2024-5029

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 21, 2024
CWE ID 908

Summary

CVE-2024-5029 is a vulnerability affecting the CM Table Of Contents WordPress plugin before version 1.2.4. This issue allows attackers to execute Stored Cross-Site Scripting (XSS) attacks against logged-in admin users. The flaw stems from the lack of Cross-Site Request Forgery (CSRF) protection and insufficient input sanitization and escaping when updating plugin settings. As a result, adversaries can inject malicious scripts, potentially leading to unauthorized access or data theft. It is crucial for WordPress users to update the plugin to its latest version to mitigate this risk.
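The three controls named in the summary (CSRF protection, input sanitization, output escaping), shown as an added example of a WordPress settings handler that applies all of them. This is not the affected plugin's code: the plugin header and every `example_toc_*` name are hypothetical.

```php
<?php
/**
 * Plugin Name: Example TOC Settings (hypothetical, for illustration)
 */
// All example_toc_* names are assumptions, not taken from the affected plugin.

// Settings form. wp_nonce_field() embeds a per-user, per-action token that a
// cross-site page cannot read or forge; esc_attr() escapes the stored value on
// output so it is rendered as text, never as markup.
function example_toc_render_form() {
    $label = get_option( 'example_toc_label', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_toc_save">
        <?php wp_nonce_field( 'example_toc_save', 'example_toc_nonce' ); ?>
        <input type="text" name="example_toc_label" value="<?php echo esc_attr( $label ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

add_action( 'admin_menu', function () {
    add_options_page( 'Example TOC', 'Example TOC', 'manage_options', 'example-toc', 'example_toc_render_form' );
} );

// Save handler, reached via admin-post.php?action=example_toc_save.
add_action( 'admin_post_example_toc_save', function () {
    // 1. Authorization: only administrators may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: reject requests that lack a valid nonce for this action.
    //    Without this check, a request triggered from another site in an
    //    admin's browser session would be accepted as a settings update.
    check_admin_referer( 'example_toc_save', 'example_toc_nonce' );

    // 3. Sanitization: strip tags and control characters before storing.
    $raw = isset( $_POST['example_toc_label'] ) ? wp_unslash( $_POST['example_toc_label'] ) : '';
    update_option( 'example_toc_label', sanitize_text_field( $raw ) );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-toc' ) );
    exit;
} );
```

When reviewing a plugin for this class of issue, look for settings handlers that call `update_option()` without a preceding `check_admin_referer()` or `wp_verify_nonce()`, and for option values echoed without an `esc_*` function.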
