CVE-2024-8747
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-8747 is a stored cross-site scripting (XSS) vulnerability in the Email Obfuscate Shortcode plugin for WordPress, affecting all versions up to and including 2.0. It is caused by inadequate input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages, and those scripts execute when users access the affected pages. To remediate this issue, organizations should update the plugin to a patched version that resolves these flaws. The impact includes unauthorized manipulation of web content and possible data exposure, and security analysts rate the vulnerability as medium severity. Users are advised to follow best practices in user access management and to monitor plugin updates regularly to mitigate associated risks.