CVE-2024-53717

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 2, 2024
CWE ID 352

Summary

CVE-2024-53717 is a newly disclosed vulnerability affecting the yPHPlista software, in versions up to 1.1.1 (the lower bound of the affected range is listed as n/a). The issue combines two weaknesses: Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS). A successful exploit of the CSRF flaw could cause a user to perform unintended actions, while the Stored XSS component lets an attacker inject malicious scripts into web pages viewed by other users. Together, these weaknesses pose a significant risk to platforms running the affected versions of yPHPlista.


Affected Products

  • Yphplista Plugin

Affected Vendors

  • WordPress