CVE-2024-9117
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-9117 identifies a vulnerability in the Mapplic Lite plugin for WordPress, affecting all versions up to and including 1.0, which allows for Stored Cross-Site Scripting (XSS) through insufficient input sanitization and output escaping of SVG file uploads. Authenticated attackers with Author-level access can exploit this vulnerability to inject malicious scripts that execute when users access affected SVG files. The potential danger includes unauthorized script execution, which can compromise user data and lead to further attacks on the organization. To remediate this issue, it is recommended that users update the Mapplic Lite plugin to the latest version or implement strict controls on file uploads. The vulnerability has a medium severity rating with a base score of 6.4, indicating notable risk but requiring low privileges and no user interaction for exploitation.