CVE-2024-9204

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 4, 2024
CWE ID 79

Summary

CVE-2024-9204 identifies a vulnerability in the Smart Custom 404 Error Page plugin for WordPress, affecting all versions up to and including 11.4.7, which allows for Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This vulnerability enables unauthenticated attackers to inject malicious web scripts into pages, potentially tricking users into executing harmful actions, such as clicking on links. The risk is categorized as medium severity with an exploitability score of 2.8, requiring user interaction for successful exploitation. To remediate this issue, it is essential for organizations using the affected plugin to upgrade to a patched version that addresses the security flaw. If left unaddressed, this vulnerability poses a threat to both user integrity and confidentiality within affected WordPress sites.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share