CVE-2024-9356
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-9356 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Yotpo: Product & Photo Reviews plugin for WordPress. Versions up to and including 1.7.8 are vulnerable to this issue. Attackers can exploit this weakness by injecting arbitrary web scripts into pages, which can be executed if a user is tricked into performing an action like clicking on a malicious link. The root cause is insufficient input sanitization and output escaping for the 'yotpo_user_email' and 'yotpo_user_name' parameters. Unauthenticated attackers can leverage this flaw to inject malicious scripts and potentially steal sensitive user data or take control of the affected website.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.