CVE-2024-52434
CVSS 3.1 Score 9.1 of 10 (high)
Details
Published Nov 18, 2024
Updated: Nov 20, 2024
CWE ID 1336
CWE ID 94
Summary
CVE-2024-52434 is a new vulnerability disclosed in Supsystic Popup, a plugin used for creating pop-ups on WordPress websites. The issue involves an Improper Neutralization of Special Elements Used in a Template Engine, which results in Command Injection vulnerability. Attackers can exploit this flaw to inject malicious commands into the system, potentially leading to serious security consequences. The vulnerability affects Supsystic Popup from all versions prior to 1.10.29. Users are advised to update the plugin to the latest version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Supsystic