CVE-2024-6262

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Jun 27, 2024

Summary

CVE-2024-6262 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Portfolio Gallery plugin for WordPress. The issue lies in the plugin's 'PFG' shortcode, which does not perform adequate input sanitization and output escaping on user-supplied attributes. This flaw enables authenticated attackers with contributor-level access and above to inject malicious web scripts. Once executed, these scripts can take control of the affected user's session, potentially leading to data theft, unauthorized system access, or other malicious activities. It is crucial that WordPress users update their Portfolio Gallery plugin to the latest version (1.6.5) or higher to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-6262 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future

Gain complete coverage of your cyber, third party, and physical attack surface
Proactively mitigate threats before they turn into costly attacks
Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database