CVE-2024-53736
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2024-53736 is a newly disclosed vulnerability that affects the Custom Shortcode Sidebars plugin, specifically versions from n/a to 1.2. This issue combines a Cross-Site Request Forgery (CSRF) weakness with Stored XSS (Cross-Site Scripting), allowing attackers to inject malicious scripts into users' webpages. The CSRF vulnerability enables unauthorized modification of plugin settings, while the Stored XSS component lets attackers execute scripts on users' browsers when they view a manipulated page. This could lead to serious security breaches and data theft. It is critical for users to update the Custom Shortcode Sidebars plugin as soon as a patch is available.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.