CVE-2024-9117

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Sep 26, 2024
CWE ID 79

Summary

CVE-2024-9117 identifies a vulnerability in the Mapplic Lite plugin for WordPress, affecting all versions up to and including 1.0, which allows for Stored Cross-Site Scripting (XSS) through insufficient input sanitization and output escaping of SVG file uploads. Authenticated attackers with Author-level access can exploit this vulnerability to inject malicious scripts that execute when users access affected SVG files. The potential danger includes unauthorized script execution, which can compromise user data and lead to further attacks on the organization. To remediate this issue, it is recommended that users update the Mapplic Lite plugin to the latest version or implement strict controls on file uploads. The vulnerability has a medium severity rating with a base score of 6.4, indicating notable risk but requiring low privileges and no user interaction for exploitation.
