CVE-2024-9127

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Sep 26, 2024
CWE ID 79

Summary

CVE-2024-9127 is a Stored Cross-Site Scripting (XSS) vulnerability in the Super Testimonials plugin for WordPress, affecting all versions up to and including 3.0.0. The plugin does not adequately sanitize input or escape output for the ‘alignment’ parameter, so an authenticated attacker with Contributor-level access or higher can inject malicious scripts into web pages accessed by users. Because the injected script is stored, it runs in the browser of anyone who views an affected page, which can compromise user data and lead to further attacks. To remediate this issue, update the Super Testimonials plugin to the latest version that addresses this vulnerability. The vulnerability is rated medium severity, with a CVSS 3.1 score of 6.4, indicating a moderate level of risk for affected systems.
