CVE-2024-9027

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Sep 25, 2024
Updated: Sep 26, 2024
CWE ID 79

Summary

CVE-2024-9027 identifies a Stored Cross-Site Scripting vulnerability in the WPZOOM Shortcodes plugin for WordPress, affecting all versions up to and including 1.0.5 due to inadequate input sanitization and output escaping on user-supplied attributes. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary scripts into pages, which execute when users view those pages. To remediate this issue, it is recommended that users update the plugin to the latest version that addresses this vulnerability. The potential danger posed by this exploit includes unauthorized script execution, which could lead to data manipulation or theft without requiring user interaction. The vulnerability has a medium severity rating with a CVSS base score of 6.4 and is categorized under CWE-79 for improper input neutralization during web page generation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share