CVE-2024-6165

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jul 31, 2024
Updated: Aug 1, 2024

Summary

CVE-2024-6165 is a vulnerability affecting the WANotifier WordPress plugin before version 2.6.1. It allows high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks. The plugin does not sanitize and escape some of its settings, so these attacks work even when the unfiltered_html capability is disallowed, particularly in multisite setups. This could potentially lead to unintended code execution and serious security implications for WordPress websites using the vulnerable plugin.
