CVE-2024-9115

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Sep 26, 2024
CWE ID 79

Summary

CVE-2024-9115 is a Stored Cross-Site Scripting vulnerability in the Common Tools for Site plugin for WordPress, affecting all versions up to and including 1.0.2. Because of inadequate input sanitization, SVG file uploads can carry scripts: an authenticated attacker with Author-level access or higher can inject malicious scripts into web pages accessed by users. The issue is rated medium severity, with a CVSS score of 6.4. The impact on integrity and confidentiality is rated low, but exploitation could facilitate further attacks. To remediate, it is recommended that organizations update the plugin to the latest version that addresses this vulnerability, and organizations running affected versions should prioritize patching.
