CVE-2024-53812

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 6, 2024
CWE ID 79

Summary

CVE-2024-53812 is a Cross-Site Scripting (XSS) vulnerability affecting WP GeoNames, a WordPress plugin used for displaying geographical information. The flaw, which allows Reflected XSS attacks, is due to improper neutralization of user input during web page generation. This issue can potentially be exploited to inject malicious scripts into web pages viewed by other users, posing a threat to data confidentiality and integrity. WP GeoNames versions from n/a through 1.8 are reportedly impacted by this vulnerability. Users are strongly advised to update to the latest, secure version as soon as possible to protect against potential attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share