CVE-2024-9222

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 2, 2024
Updated: Oct 8, 2024
CWE ID 79

Summary

CVE-2024-9222 is a Reflected Cross-Site Scripting vulnerability in the Paid Membership Subscriptions plugin for WordPress, affecting all versions up to and including 2.12.8. The flaw allows unauthenticated attackers to inject arbitrary web scripts into webpages, potentially compromising the data of users who are tricked into clicking malicious links. To remediate this vulnerability, update the plugin to the latest version that addresses the issue, as documented in the official patch notes. The risk level is rated medium, with a CVSS score of 6.1: exploitation requires user interaction, but it still poses a significant threat to an organization's web security posture. The integrity and confidentiality impacts are considered low, but successful exploitation could still lead to compromised user experiences and trust.
