CVE-2024-6262
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-6262 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Portfolio Gallery plugin for WordPress. The issue lies in the plugin's 'PFG' shortcode, which does not perform adequate input sanitization and output escaping on user-supplied attributes. This flaw enables authenticated attackers with contributor-level access and above to inject malicious web scripts. Once executed, these scripts can take control of the affected user's session, potentially leading to data theft, unauthorized system access, or other malicious activities. It is crucial that WordPress users update their Portfolio Gallery plugin to the latest version (1.6.5) or higher to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.