CVE-2024-9125

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Sep 26, 2024
CWE ID 79

Summary

CVE-2024-9125 identifies a vulnerability in the king_IE plugin for WordPress, affecting all versions up to and including 1.0, which is susceptible to Stored Cross-Site Scripting via SVG file uploads due to inadequate input sanitization. This flaw allows authenticated attackers with Author-level access or higher to inject malicious web scripts that execute when users access the SVG files. The potential risk to organizations includes unauthorized script execution, which could compromise user data and site integrity. To mitigate this vulnerability, it is recommended that users update the plugin to the latest version, implement strict file upload controls, and enhance input validation measures. The vulnerability has a medium severity rating with a CVSS base score of 6.4 and requires low privileges for exploitation, highlighting its accessibility for attackers.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share