CVE-2024-54413

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 16, 2024
CWE ID 352

Summary

CVE-2024-54413 is a newly disclosed vulnerability affecting Display Future Posts, a plugin used on WordPress websites. The flaw combines Cross-Site Request Forgery (CSRF) with Stored Cross-Site Scripting (XSS). An attacker can exploit the CSRF weakness to induce users to perform unintended actions on the affected site, while the Stored XSS component allows malicious scripts to be injected into web pages viewed by other users. This issue poses a significant security risk to websites using Display Future Posts versions from n/a through 0.2.3.
