CVE-2024-54440

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 16, 2024
CWE ID 352

Summary

CVE-2024-54440 is a newly disclosed vulnerability affecting the WP-Ban-User plugin for WordPress. The issue combines Cross-Site Request Forgery (CSRF) with Stored Cross-Site Scripting (XSS) in the plugin. An attacker can exploit the CSRF weakness to execute malicious actions on behalf of a user, while the Stored XSS component allows malicious scripts to be injected into web pages viewed by other users. The affected software is the WP-Ban-User plugin; the affected version range runs from an unspecified starting version (listed as "not available") to 1.0. Users are advised to update to the latest version or consider alternative security measures to mitigate this risk.
