CVE-2024-9228
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-9228 identifies a vulnerability in the Loggedin – Limit Active Logins plugin for WordPress, specifically impacting all versions up to 1.3.1, which is susceptible to Reflected Cross-Site Scripting (XSS) due to improper use of add_query_arg without sufficient escaping on URLs. This flaw allows unauthenticated attackers to inject malicious scripts into web pages if they can deceive a user into clicking a specially crafted link, particularly when the review notice is displayed. To remediate this issue, it is advised that users update the plugin to a patched version beyond 1.3.1 to mitigate potential exploitation risks. The vulnerability carries a medium severity rating with an exploitability score of 2.8, indicating that user interaction is required for an attack to succeed. If exploited, it could lead to low impacts on both integrity and confidentiality of an organization's data.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.