CVE-2024-54411

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 16, 2024
CWE ID 352

Summary

CVE-2024-54411 is a newly disclosed vulnerability affecting the WP Controller component of hosting.io and campaigns.io. It is a Cross-Site Request Forgery (CSRF) vulnerability that also involves Stored Cross-Site Scripting (XSS). The CSRF weakness allows unauthorized command injection, while the Stored XSS flaw permits attackers to inject malicious scripts that execute in the context of affected users. The vulnerability affects WP Controller versions from n/a through 3.2.0. Users are strongly encouraged to apply the necessary patches as soon as possible to mitigate the potential risks.
