CVE-2024-9221

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 11, 2024
Updated: Oct 15, 2024
CWE ID 79

Summary

CVE-2024-9221 is a reflected cross-site scripting (XSS) vulnerability in the Tainacan plugin for WordPress that affects all versions up to and including 0.21.10. It is caused by improper input escaping when using the add_query_arg function and can be exploited by unauthenticated attackers. If a user is tricked into clicking a malicious link, arbitrary web scripts can execute; the issue is rated medium severity with a CVSS base score of 6.1. To remediate it, update the Tainacan plugin to the latest version that addresses this vulnerability. Because exploitation depends on user interaction, organizations using affected versions should take immediate action to mitigate the risk.
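For auditing other plugin or theme code for the same pattern, the following is an added example, not Tainacan or WordPress code. It is a single-line heuristic that flags `add_query_arg()` and `remove_query_arg()` results sent to output without an `esc_url()` or `esc_url_raw()` wrapper, since WordPress does not escape their return values; the PHP sample lines are constructed.

```python
import re

# WordPress helpers that fall back to the current request URI when no URL is passed
URL_BUILDERS = {"add_query_arg", "remove_query_arg"}
# Escapers WordPress provides for URLs
ESCAPERS = {"esc_url", "esc_url_raw"}
OUTPUT = re.compile(r"<\?=|\b(?:echo|print|printf)\b")
TOKEN = re.compile(r"([A-Za-z_]\w*)\s*\(|[()]")


def unescaped_calls(line):
    """Return URL-builder calls that this line outputs outside any escaper call."""
    start = OUTPUT.search(line)
    if not start:
        return []
    stack, hits = [], []  # stack holds the names of the enclosing calls
    for tok in TOKEN.finditer(line, start.end()):
        name = tok.group(1)
        if name:  # "name(" opens a function call
            if name in URL_BUILDERS and not ESCAPERS & set(stack):
                hits.append(name)
            stack.append(name)
        elif tok.group() == "(":
            stack.append("")  # anonymous grouping or language construct
        elif stack:
            stack.pop()
    return hits


def scan(source):
    """Return (line number, function) for every unescaped output in the source."""
    return [(n, name)
            for n, line in enumerate(source.splitlines(), 1)
            for name in unescaped_calls(line)]


# Constructed PHP sample for illustration (hypothetical template code)
SAMPLE = """<?php
echo '<a href="' . add_query_arg( 'paged', $next ) . '">Next</a>';
echo '<a href="' . esc_url( add_query_arg( 'paged', $next ) ) . '">Next</a>';
printf( '<form action="%s">', remove_query_arg( 'order' ) );
$url = esc_url_raw( add_query_arg( 'view', 'table' ) );
?><a href="<?= esc_url( remove_query_arg( 'order' ) ) ?>">Reset</a>
"""

if __name__ == "__main__":
    for lineno, name in scan(SAMPLE):
        print(f"line {lineno}: {name}() output without esc_url()")
```

The check does not follow values through variables, so a URL assigned on one line and echoed on another still needs manual review.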
