CVE-2024-54332

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 16, 2024

CWE ID 352

Summary

CVE-2024-54332 is a newly disclosed vulnerability affecting the WP Currency Exchange Rates plugin for WordPress. This issue combines a Cross-Site Request Forgery (CSRF) weakness and a Stored XSS (Cross-Site Scripting) flaw. Attackers can exploit the CSRF vulnerability to execute malicious scripts on a targeted user's browser, while the Stored XSS component enables them to inject harmful code that remains active even after the page is reloaded. The vulnerability affects all versions of WP Currency Exchange Rates from n/a through 1.2.0. Users are strongly advised to update their plugins to the latest, secure version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database