CVE-2024-5879

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 30, 2024
Updated: Sep 3, 2024
CWE ID 79

Summary

CVE-2024-5879 is a Stored Cross-Site Scripting vulnerability in the HubSpot CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress, affecting all versions up to and including 11.1.22. It is caused by inadequate input sanitization and output escaping. Authenticated attackers with Contributor-level access can exploit it to inject arbitrary web scripts into pages accessed by users. To remediate the issue, users should update to the latest version of the plugin, where patches have been implemented. The potential danger is unauthorized script execution that could compromise user data or session integrity; the vulnerability poses a medium severity risk, with an exploitability score of 2.3. Given that user interaction is required for exploitation, organizations should remain vigilant in monitoring and applying security updates promptly.
