CVE-2024-9228

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 1, 2024
Updated: Oct 7, 2024
CWE ID 79

Summary

CVE-2024-9228 identifies a vulnerability in the Loggedin – Limit Active Logins plugin for WordPress, specifically impacting all versions up to 1.3.1, which is susceptible to Reflected Cross-Site Scripting (XSS) due to improper use of add_query_arg without sufficient escaping on URLs. This flaw allows unauthenticated attackers to inject malicious scripts into web pages if they can deceive a user into clicking a specially crafted link, particularly when the review notice is displayed. To remediate this issue, it is advised that users update the plugin to a patched version beyond 1.3.1 to mitigate potential exploitation risks. The vulnerability carries a medium severity rating with an exploitability score of 2.8, indicating that user interaction is required for an attack to succeed. If exploited, it could lead to low impacts on both integrity and confidentiality of an organization's data.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share