CVE-2024-9211

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 11, 2024
Updated: Oct 15, 2024
CWE ID 79

Summary

CVE-2024-9211 identifies a reflected Cross-Site Scripting (XSS) vulnerability in the FULL – Cliente plugin for WordPress, affecting all versions up to and including 3.1.22. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts into pages if they can successfully persuade a user to perform an action, like clicking on a malicious link. The risk level is categorized as medium, with an exploitability score of 2.8 and requiring user interaction for successful exploitation. To remediate this issue, users should upgrade the plugin to version 3.1.23 or later, where the vulnerability has been addressed. Failure to apply this update could lead to potential security breaches within an organization due to unauthorized script execution in user sessions.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share