CVE-2024-54416

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 16, 2024

CWE ID 352

Summary

CVE-2024-54416 is a newly disclosed vulnerability affecting Wp Login with Ajax, a WordPress plugin used for login and registration. The issue combines a Cross-Site Request Forgery (CSRF) weakness with Stored XSS (Cross-Site Scripting) capabilities. An attacker can exploit this vulnerability to inject malicious scripts into unsuspecting users' browsers, potentially leading to data theft or website defacement. The flaw exists in versions 0.1 through 0.6 of the plugin, and users are encouraged to update as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1KLVS_
https://www.cve.org/CVERecord?id=CVE-2024-54416
https://nvd.nist.gov/vuln/detail/CVE-2024-54416

Back to Vulnerability Database

CVE-2024-54416

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations