CVE-2024-8276

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Aug 31, 2024
Updated: Sep 3, 2024
CWE ID 79

Summary

CVE-2024-8276 is a stored cross-site scripting (XSS) vulnerability in the WPZOOM Portfolio Lite – Filterable Portfolio Plugin for WordPress, affecting all versions up to and including 1.4.4. Because of insufficient input sanitization and output escaping, authenticated attackers with Contributor-level access or higher can inject malicious scripts via the 'align' attribute of the 'wp:wpzoom-blocks' Gutenberg block. The injected scripts execute whenever a user accesses an affected page. To remediate, update the plugin to a version later than 1.4.4 in which the vulnerability has been addressed. The vulnerability is rated medium severity, with a CVSS base score of 6.4, reflecting its potential impact on integrity and confidentiality within affected systems.
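An audit check for the condition described above, added here as an example and not taken from the advisory or the plugin: it scans serialized Gutenberg post content for `wp:wpzoom-blocks` blocks whose `align` value falls outside an allow-list. The allow-list (Gutenberg core's alignment values), the block suffix `example-block` and the sample posts are assumptions constructed for illustration.

```python
import json
import re

# Assumption: the block only ever needs Gutenberg core's alignment values.
ALLOWED_ALIGN = {"", "left", "center", "right", "wide", "full"}

# Serialized block delimiter: <!-- wp:wpzoom-blocks[/name] {json attrs} [/]-->
BLOCK_RE = re.compile(
    r"<!--\s+wp:(wpzoom-blocks(?:/[a-z0-9-]+)?)\s+(\{.*?\})\s+/?-->",
    re.DOTALL,
)


def audit_post_content(post_id, content):
    """Return (post_id, block, value) for each suspicious 'align' attribute."""
    findings = []
    for match in BLOCK_RE.finditer(content):
        block, raw_attrs = match.group(1), match.group(2)
        try:
            attrs = json.loads(raw_attrs)
        except json.JSONDecodeError:
            # Attributes that do not parse deserve a manual look as well.
            findings.append((post_id, block, "<unparseable attributes>"))
            continue
        align = attrs.get("align", "")
        # Non-string values and anything off the allow-list are flagged.
        if not isinstance(align, str) or align not in ALLOWED_ALIGN:
            findings.append((post_id, block, align))
    return findings


# Constructed sample post_content values (not real site data). The block
# suffix "example-block" is hypothetical; the advisory names only the prefix.
SAMPLE_POSTS = {
    101: '<!-- wp:paragraph --><p>Intro</p><!-- /wp:paragraph -->\n'
         '<!-- wp:wpzoom-blocks/example-block {"align":"wide"} /-->',
    102: '<!-- wp:wpzoom-blocks/example-block '
         '{"align":"wide\\u0022 constructed-marker"} /-->',
}

if __name__ == "__main__":
    for pid, body in SAMPLE_POSTS.items():
        for finding in audit_post_content(pid, body):
            print("review:", finding)
```

Feed it the `post_content` of each post and revision from a database export; any finding on a site that ran version 1.4.4 or earlier warrants reviewing the post and its author.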
