CVE-2024-8739

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 2, 2024
Updated: Nov 4, 2024
CWE ID 79

Summary

CVE-2024-8739 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the ReCaptcha Integration for WordPress plugin in all versions up to 1.2.5. This issue arises due to the use of add_query_arg function without proper escaping in the URL component, enabling unauthenticated attackers to inject malicious scripts. Successful exploitation depends on tricking users into performing an action like clicking on a crafted link, potentially leading to arbitrary code execution and security breaches. Upgrading to the latest patch version is recommended to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share