CVE-2024-9027
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-9027 is a stored cross-site scripting (XSS) vulnerability in the WPZOOM Shortcodes plugin for WordPress. It affects all versions up to and including 1.0.5 and results from inadequate input sanitization and output escaping of user-supplied attributes. Authenticated attackers with contributor-level access or higher can inject arbitrary scripts into pages, and those scripts execute whenever a user views an affected page. To remediate the issue, update the plugin to the latest version that addresses this vulnerability. The risk is unauthorized script execution, which could lead to data manipulation or theft without requiring user interaction. The vulnerability is rated medium severity with a CVSS base score of 6.4 and is categorized under CWE-79 (improper neutralization of input during web page generation).
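Added example, not code from the WPZOOM Shortcodes plugin or from this advisory: a hypothetical `[demo_button]` shortcode showing the flaw class described above (attribute values written into HTML unescaped) beside a handler that validates and escapes them with WordPress core functions. The shortcode name, its `url` and `class` attributes, and both function names are assumptions made for illustration.

```php
<?php
/**
 * Added illustration: hypothetical [demo_button] shortcode, not WPZOOM code.
 * Usage: [demo_button url="https://example.com" class="primary"]Read more[/demo_button]
 */

// Vulnerable pattern: attribute values stored in post content by a contributor
// are concatenated into HTML unchanged, so a value containing a quote can
// close the attribute and add markup that runs in every visitor's browser.
function demo_button_unsafe( $atts, $content = '' ) {
    $atts = shortcode_atts(
        array( 'url' => '#', 'class' => '' ),
        $atts,
        'demo_button'
    );
    return '<a href="' . $atts['url'] . '" class="btn ' . $atts['class'] . '">'
        . $content . '</a>';
}

// Hardened pattern: validate each value, then escape for its output context.
function demo_button_safe( $atts, $content = '' ) {
    $atts = shortcode_atts(
        array( 'url' => '#', 'class' => '' ),
        $atts,
        'demo_button'
    );

    // esc_url() returns '' when the scheme is not in the allowed list
    // (for example javascript:) and encodes quotes and ampersands.
    $url = esc_url( $atts['url'], array( 'http', 'https' ) );

    // Reduce each class token to characters that are valid in a class name.
    $tokens  = preg_split( '/\s+/', (string) $atts['class'] );
    $classes = array_filter( array_map( 'sanitize_html_class', $tokens ) );
    array_unshift( $classes, 'btn' );

    return sprintf(
        '<a href="%s" class="%s">%s</a>',
        $url,
        esc_attr( implode( ' ', $classes ) ),
        wp_kses_post( (string) $content ) // inner content limited to post-safe HTML
    );
}

// Register only the hardened handler.
add_shortcode( 'demo_button', 'demo_button_safe' );
```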