CVE-2024-8267

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Sep 25, 2024
Updated: Sep 26, 2024
CWE ID 79

Summary

CVE-2024-8267 identifies a Stored Cross-Site Scripting vulnerability in the Radio Player plugin for WordPress, affecting all versions up to and including 2.0.78 due to inadequate input sanitization. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary scripts that execute when users visit the affected page. The potential danger includes unauthorized script execution, which can compromise user data and site integrity. To remediate this issue, it is recommended that users update the plugin to the latest version where this vulnerability has been addressed. The severity of this vulnerability is rated as medium, with an exploitability score of 3.1, indicating a relatively low level of privileges required for exploitation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share