CVE-2024-9024

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Sep 25, 2024
CWE ID 79

Summary

CVE-2024-9024 is a Stored Cross-Site Scripting (XSS) vulnerability in the Material Design Icons plugin for WordPress, affecting all versions up to and including 0.0.5. It is caused by inadequate input sanitization and output escaping on user-supplied attributes. Authenticated attackers with contributor-level access or higher can exploit it to inject malicious scripts into pages, and those scripts execute when users access the affected pages. Organizations using this plugin could face medium-severity risk: the attack vector is network-based with low complexity, requiring minimal privileges and no user interaction. To mitigate this risk, it is recommended that users update the plugin to a secure version where this vulnerability has been addressed. The potential impact includes low integrity and confidentiality risks, but exploitation could also disrupt the user experience and compromise site security.
