CVE-2024-8318

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Sep 4, 2024
CWE ID 79

Summary

CVE-2024-8318 identifies a Stored Cross-Site Scripting vulnerability in the Attributes for Blocks plugin for WordPress, affecting all versions up to and including 1.0.6 due to inadequate input sanitization and output escaping. Authenticated attackers with Contributor-level access can exploit this flaw by injecting malicious scripts into pages that execute upon user access. The risk is categorized as medium severity, with a CVSS base score of 6.4, indicating potential impacts on integrity and confidentiality, although none on availability. To remediate this vulnerability, users should update the plugin to the latest version where the issue is addressed. Organizations utilizing affected products should take immediate action to prevent exploitation and safeguard user data from possible attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share