CVE-2024-8804
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-8804 identifies a vulnerability in the Code Embed plugin for WordPress, affecting all versions up to and including 2.4, which allows authenticated attackers with contributor-level access to execute arbitrary web scripts via stored cross-site scripting (XSS). The flaw arises from inadequate restrictions on who can use the script embed functionality, posing a medium risk to organizations as it could enable unauthorized actions on injected pages. To remediate this vulnerability, users should update the plugin to the latest version to ensure that sufficient security measures are in place. The attack complexity is low, and while both integrity and confidentiality impacts are rated low, it still requires minimal privileges and user interaction. Organizations using affected products should prioritize patch management to mitigate potential exploitation risks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.