CVE-2024-6692
CVSS 3.1 Score 3.3 of 10 (low)
Details
Summary
CVE-2024-6692 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Easy Digital Downloads plugin for WordPress, versions up to 3.3.2. This issue arises from insufficient input sanitization and output escaping, enabling authenticated attackers with administrator-level access to inject malicious scripts into the agreement text value. The vulnerability poses a risk for multi-site installations and those where unfiltered_html has been disabled. Successful exploitation allows attackers to execute arbitrary web scripts when users access injected pages.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.