CVE-2024-8433

Summary

CVE-2024-8433 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Easy Mega Menu Plugin for WordPress by ThemeHunk. This issue, present in all versions up to 1.1.0, stems from insufficient input sanitization and output escaping in the 'themehunk_megamenu_bg_image' parameter. Authenticated attackers with subscriber-level access or higher can exploit this vulnerability to inject arbitrary web scripts, which execute whenever a user accesses an injected page. Although partially addressed in 1.1.0, this vulnerability still poses a threat due to the missing authorization protection that was overlooked during the fix.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.