CVE-2024-53723

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 2, 2024
CWE ID 352

Summary

CVE-2024-53723 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Google Plus Share and +1 Button. This issue permits Stored XSS (Cross-Site Scripting) attacks. An adversary can exploit this weakness by tricking a user into clicking a malicious link containing a malicious script. As a result, the attacker can inject and execute malicious code in the victim's web browser, posing a significant security threat. The vulnerability affects versions of Google Plus Share and +1 Button ranging from n/a to 1.0. Users are advised to update their applications as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Google Plus Share And 1 Button Plugin

Affected Vendors

  • WordPress