CVE-2024-54426

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 16, 2024

CWE ID 352

Summary

CVE-2024-54426 is a newly disclosed Cross-Site Request Forgery (CSRF) vulnerability that affects the Andy Fradelakis LeaderBoard Plugin. Malicious actors can exploit this issue to inject and execute malicious scripts on a victim's web browser through a specially crafted request. This vulnerability allows Stored XSS attacks, which can be particularly dangerous as they don't require user interaction and can persist even after the user logs out. The LeaderBoard Plugin, with versions from n/a through 1.2.4, is reportedly impacted by this issue. Users are urged to update to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1KKWpA
https://www.cve.org/CVERecord?id=CVE-2024-54426
https://nvd.nist.gov/vuln/detail/CVE-2024-54426

Back to Vulnerability Database

CVE-2024-54426

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations