CVE-2024-6588

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Jul 12, 2024

Summary

CVE-2024-6588 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the PowerPress Podcasting plugin for WordPress by Blubrry. Versions up to and including 11.9.10 are impacted by this issue. The vulnerability stems from inadequate input sanitization and output escaping related to the ‘media_url’ parameter. Unauthenticated attackers can capitalize on this weakness by injecting arbitrary web scripts, which may lead to the execution of malicious code when users unwittingly trigger the action, such as clicking on a specially crafted link.
