CVE-2024-8734

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 13, 2024
CWE ID 79

Summary

CVE-2024-8734 is a Reflected Cross-Site Scripting vulnerability in the Lucas String Replace plugin for WordPress, affecting all versions up to and including 2.0.5. It results from improper handling of URLs. Unauthenticated attackers can inject malicious scripts into web pages, potentially compromising users who click on manipulated links. To remediate this issue, users should update the plugin to a patched version that addresses the escaping flaws. The vulnerability poses a medium-level risk with an exploitability score of 2.8: exploitation requires user interaction, and the impacts on integrity and confidentiality are low. Organizations using this plugin should prioritize updates to mitigate potential attacks that may exploit this weakness.
