CVE-2024-6393
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Nov 25, 2024
Summary
CVE-2024-6393 is a vulnerability affecting the Photo Gallery, Sliders, Proofing, and WordPress plugin prior to version 3.59.5. This issue permits high privilege users, such as Admins, to execute Stored Cross-Site Scripting attacks. Even in multisite setups where the unfiltered_html capability is disallowed, this vulnerability can still be exploited due to the plugin's failure to sanitize and escape certain Image settings.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share