CVE-2024-9220

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published: Oct 1, 2024
Updated: Oct 4, 2024
CWE ID: 79

Summary

CVE-2024-9220 is a Reflected Cross-Site Scripting vulnerability in the LH Copy Media File plugin for WordPress, affecting all versions up to and including 1.08. It allows unauthenticated attackers to inject arbitrary web scripts into web pages by exploiting the improper handling of URLs through the add_query_arg function. To mitigate this risk, users are advised to update the plugin to a secure version that resolves this issue. The danger is unauthorized script execution if a user is tricked into interacting with a malicious link, which could lead to data manipulation or theft. The vulnerability has a medium severity rating, with an exploitability score of 2.8, indicating that user interaction is necessary for successful exploitation.
