CVE-2024-6766
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-6766 is a newly disclosed vulnerability affecting the Shortcodes Ultimate Pro plugin used in WordPress sites. This issue allows contributors and above to execute Stored Cross-Site Scripting attacks by exploiting the plugin's lack of validation and escaping for certain shortcode attributes. Attackers can manipulate these attributes to inject malicious scripts into web pages or posts where the shortcode is embedded, potentially compromising the entire site. The vulnerability affects all versions of the plugin below 7.2.1 and poses a significant threat to WordPress sites that have not yet applied the necessary patch.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.