CVE-2024-7489

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Oct 12, 2024
Updated: Oct 15, 2024
CWE ID 79

Summary

CVE-2024-7489 identifies a Stored Cross-Site Scripting (XSS) vulnerability in the "Forms for Mailchimp by Optin Cat" WordPress plugin, affecting all versions up to and including 2.5.6, caused by inadequate input sanitization and output escaping. It allows authenticated attackers with editor-level access to inject malicious scripts into pages, and it affects only multi-site installations or installations where unfiltered_html is disabled. The integrity and confidentiality impacts are low, giving the issue a medium severity for organizations that use this plugin. To remediate the issue, update the plugin to a version beyond 2.5.6. Left unpatched, the flaw allows the injected script to execute whenever users access affected pages, which could lead to data compromise or site manipulation.
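The defect class named above (a value an editor can store, later echoed into a page without escaping) is illustrated below with an added PHP example. This is not the Optin Cat plugin's code and is not taken from the advisory: the `render_title_*` and `save_title_hardened` functions, the option value and the sample input are hypothetical, and the `function_exists` shims stand in for the real WordPress `esc_html()` and `sanitize_text_field()` so the file runs outside WordPress.

```php
<?php
// Added example of the stored-XSS pattern behind CVE-2024-7489.
// NOT the plugin's code; names and sample data below are constructed.
// Shims let this run under plain `php` outside a WordPress install.

if (!function_exists('esc_html')) {
    // Stand-in for WordPress esc_html(): HTML-encode for text context.
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('sanitize_text_field')) {
    // Minimal stand-in for WordPress sanitize_text_field(): strip tags, trim.
    function sanitize_text_field($str) {
        return trim(strip_tags((string) $str));
    }
}

// Constructed sample of a form title an editor-level user might save.
$submitted_title = '<script>alert(1)</script>Subscribe';

// Vulnerable pattern: stored as-is and echoed as-is into the page.
function render_title_vulnerable($title) {
    return '<h2 class="optin-title">' . $title . '</h2>';
}

// Hardened pattern, step 1: sanitize when the setting is saved.
function save_title_hardened($raw) {
    return sanitize_text_field($raw);
}

// Hardened pattern, step 2: escape at output regardless of what is stored.
// This is the control that holds even if a raw value reached the database.
function render_title_hardened($title) {
    return '<h2 class="optin-title">' . esc_html($title) . '</h2>';
}

echo "Vulnerable output:\n" . render_title_vulnerable($submitted_title) . "\n\n";
echo "Escape-only output (raw value still stored):\n"
   . render_title_hardened($submitted_title) . "\n\n";
echo "Sanitize-on-save plus escape-on-output:\n"
   . render_title_hardened(save_title_hardened($submitted_title)) . "\n";
```

Escaping at the point of output is the defense that matters here: the advisory's note that only multi-site or unfiltered_html-disabled installations are affected reflects that editors on a default single-site install are already trusted with raw HTML, so a plugin cannot rely on that capability and must escape every stored value it renders.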

