CVE-2024-8737

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 13, 2024
CWE ID 79

Summary

CVE-2024-8737 is a reflected cross-site scripting (XSS) vulnerability in the PDF Thumbnail Generator plugin for WordPress, affecting all versions up to and including 1.3. Because the plugin does not properly escape URLs, an unauthenticated attacker can inject malicious web scripts that execute if a user is tricked into clicking a malicious link. To remediate this issue, users should update the plugin to the latest version that addresses this vulnerability. The risk is unauthorized script execution in user sessions, which threatens the integrity and confidentiality of user data. The exploitability score is assessed at 2.8; the vulnerability is rated medium severity, with low integrity and confidentiality impacts, and requires user interaction for a successful attack.
