CVE-2024-6165
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Jul 31, 2024
Updated: Aug 1, 2024
Summary
CVE-2024-6165 is a vulnerability affecting the WANotifier WordPress plugin before version 2.6.1. The plugin fails to sanitize and escape certain settings, which permits high-privilege users, such as administrators, to execute Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setups. This could lead to unintended code execution and serious security implications for WordPress websites using the vulnerable plugin.