CVE-2024-9353

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 4, 2024
CWE ID 79

Summary

CVE-2024-9353 identifies a vulnerability in the Popularis Extra plugin for WordPress, affecting all versions up to and including 1.2.6, which is susceptible to Reflected Cross-Site Scripting (XSS) because URLs built with add_query_arg and remove_query_arg are output without adequate escaping. This flaw allows unauthenticated attackers to inject arbitrary scripts into web pages, which run in a user's browser if that user is tricked into clicking a crafted link. The severity of this vulnerability is rated as medium, with a CVSS base score of 6.1 and an exploitability score of 2.8, indicating low attack complexity but a requirement for user interaction. To remediate the issue, users should upgrade to a patched version of the plugin that properly escapes URLs. Organizations utilizing this plugin should act promptly to mitigate the security risks associated with this vulnerability.
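The pattern described above, as an added illustration that is not the plugin's own code: WordPress's add_query_arg() builds a URL from the current request URI and, like remove_query_arg(), does not escape its output, so printing the result straight into HTML reflects attacker-controlled request data; passing it through esc_url() is the fix. The two helpers suffixed _demo are simplified stand-ins for the WordPress core functions (constructed here so the script runs outside WordPress), and the request URI is a constructed sample.

```php
<?php
// Added illustration (not the plugin's code): the unescaped add_query_arg()
// output pattern behind CVE-2024-9353, and the esc_url() fix.
// The two helpers below are simplified stand-ins for the WordPress core
// functions so the script runs outside WordPress; hence the _demo suffix.

// Stand-in for add_query_arg(): like the real function, it builds the URL
// from the current request URI and does NOT escape the result.
function add_query_arg_demo(array $newArgs, string $requestUri): string {
    $parts = explode('?', $requestUri, 2);
    $path  = $parts[0];
    $query = [];
    if (isset($parts[1])) {
        parse_str($parts[1], $query);   // URL-decodes values, as wp_parse_str() does
    }
    $query = array_merge($query, $newArgs);
    $pairs = [];
    foreach ($query as $k => $v) {
        $pairs[] = $k . '=' . $v;       // no re-encoding: decoded input flows through
    }
    return $path . ($pairs ? '?' . implode('&', $pairs) : '');
}

// Stand-in for esc_url(): rejects non-http(s) schemes and HTML-encodes the
// characters that would otherwise terminate an HTML attribute.
function esc_url_demo(string $url): string {
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $url) && !preg_match('#^https?:#i', $url)) {
        return '';   // disallowed scheme (the real esc_url() uses a protocol allow-list)
    }
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Vulnerable pattern: a URL derived from request data is dropped straight into HTML.
function render_link_vulnerable(string $requestUri): string {
    $url = add_query_arg_demo(['page' => 2], $requestUri);
    return '<a href="' . $url . '">Next</a>';
}

// Fixed pattern: the same URL is passed through esc_url() before output.
function render_link_fixed(string $requestUri): string {
    $url = esc_url_demo(add_query_arg_demo(['page' => 2], $requestUri));
    return '<a href="' . $url . '">Next</a>';
}

// Constructed sample request URI whose query value carries a quote and a tag.
$requestUri = '/blog/?s=shoes%22%3E%3Cb%3Einjected%3C%2Fb%3E';

echo "Vulnerable: " . render_link_vulnerable($requestUri) . PHP_EOL;
// The decoded quote closes the href attribute and the <b> element lands in the page.
echo "Fixed:      " . render_link_fixed($requestUri) . PHP_EOL;
// The same characters are emitted as &quot;&gt;&lt;b&gt; and stay inside the attribute.
```

When reviewing a plugin for this class of bug, the check is mechanical: every add_query_arg() or remove_query_arg() result that reaches an href, action or src attribute should be wrapped in esc_url(), and any that is echoed elsewhere in markup in esc_attr() or esc_html(). A detection rule for web logs is less reliable here than a code audit, because the reflected value travels in an ordinary-looking query string.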

