CVE-2024-53736

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 28, 2024
CWE ID 352

Summary

CVE-2024-53736 is a newly disclosed vulnerability that affects the Custom Shortcode Sidebars plugin, specifically versions from n/a to 1.2. This issue combines a Cross-Site Request Forgery (CSRF) weakness with Stored XSS (Cross-Site Scripting), allowing attackers to inject malicious scripts into users' webpages. The CSRF vulnerability enables unauthorized modification of plugin settings, while the Stored XSS component lets attackers execute scripts on users' browsers when they view a manipulated page. This could lead to serious security breaches and data theft. It is critical for users to update the Custom Shortcode Sidebars plugin as soon as a patch is available.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share