CVE-2024-9210
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-9210 identifies a vulnerability in the MC4WP: Mailchimp Top Bar plugin for WordPress, which is susceptible to Reflected Cross-Site Scripting due to the improper use of add_query_arg without adequate escaping in all versions up to and including 1.6.0. This flaw allows unauthenticated attackers to inject malicious web scripts into pages, potentially compromising users who interact with manipulated links. Affected products include various versions of the plugin used across multiple WordPress installations. To remediate this vulnerability, it is recommended that users update the plugin to version 1.6.1 or later. The severity of this vulnerability is rated as medium, with an exploitability score of 2.8, indicating that successful exploitation requires user interaction but could lead to low integrity and confidentiality impacts for organizations using affected versions of the plugin.
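The check below is an added example, not code from the plugin or from this advisory: a heuristic scanner that flags add_query_arg() and remove_query_arg() calls in PHP source that are not nested inside esc_url() or esc_url_raw(), the escaping gap the summary describes. The helper names (find_unescaped, call_end) are hypothetical and the PHP sample is constructed for illustration.

```python
import re

# WordPress helpers that build a URL from the current request when no URL is passed.
BUILDERS = re.compile(r"\b(?:add|remove)_query_arg\s*\(")
# Escaping functions whose argument span counts as safe for output.
ESCAPERS = re.compile(r"\besc_url(?:_raw)?\s*\(")

def call_end(src, open_idx):
    """Return the index of the ')' closing the '(' at open_idx, skipping PHP string literals."""
    depth, i, quote = 0, open_idx, None
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1          # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return i
        i += 1
    return len(src)             # unbalanced: treat the rest of the file as the span

def find_unescaped(src):
    """Return 1-based line numbers of query-arg builder calls not nested in an escaper."""
    safe = [(m.end() - 1, call_end(src, m.end() - 1)) for m in ESCAPERS.finditer(src)]
    hits = []
    for m in BUILDERS.finditer(src):
        if not any(start < m.start() < end for start, end in safe):
            hits.append(src.count("\n", 0, m.start()) + 1)
    return hits

# Constructed sample, not taken from the plugin's source.
SAMPLE = '''<?php
echo '<a href="' . add_query_arg( 'tab', 'bar' ) . '">Bar</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'bar' ) ) . '">Bar</a>';
$next = remove_query_arg( 'msg' );
printf( '<form action="%s">', esc_url( add_query_arg( array( 'a' => '(1)' ) ) ) );
'''

if __name__ == "__main__":
    for line in find_unescaped(SAMPLE):
        print(f"line {line}: query-arg URL not wrapped in esc_url()")
```

A flagged assignment such as the one to $next is a prompt for manual review, since the value may be escaped later at the point of output.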