CVE-2024-9375
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-9375 is a Reflected Cross-Site Scripting vulnerability in the WordPress Captcha Plugin by Captcha Bank, affecting all versions up to and including 4.0.36. It is caused by improper escaping of URLs built with add_query_arg. Unauthenticated attackers can inject malicious web scripts into pages viewed by users who are tricked into clicking on a link. To remediate this vulnerability, users should update the plugin to a version that addresses the issue. The risk is rated medium: exploitation requires user interaction, and the impacts on confidentiality and integrity are low.
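The general pattern behind this class of bug, as an added example that is not the Captcha Bank plugin's code and not from the original page: an `add_query_arg` URL printed unescaped, next to the late-escaped form. The plugin header, the `example_*` function names and the `example-tabs` page slug are hypothetical, and the file assumes it is loaded as a plugin inside WordPress.

```php
<?php
/**
 * Plugin Name: Example Escaped Tabs (illustration)
 * Description: Hypothetical settings page contrasting unescaped and escaped add_query_arg() output.
 */

// Register a settings page under Settings > Example Tabs (hypothetical slug).
add_action( 'admin_menu', function () {
    add_options_page( 'Example Tabs', 'Example Tabs', 'manage_options', 'example-tabs', 'example_tabs_render' );
} );

// BEFORE (vulnerable pattern, shown for comparison and never called).
// With no URL argument, add_query_arg() builds on $_SERVER['REQUEST_URI'],
// so the query string of the link the visitor followed is reflected
// into the href attribute without any escaping.
function example_tab_link_unsafe( $tab ) {
    $url = add_query_arg( 'tab', $tab );
    return '<a href="' . $url . '">' . esc_html( $tab ) . '</a>';
}

// AFTER: build on a fixed base URL, encode the value, and escape at output.
// esc_url() strips or encodes characters that could break out of the
// attribute and returns an empty string for disallowed protocols.
function example_tab_link_safe( $tab ) {
    $base = admin_url( 'options-general.php?page=example-tabs' );
    $url  = add_query_arg( 'tab', rawurlencode( $tab ), $base );
    return '<a href="' . esc_url( $url ) . '">' . esc_html( $tab ) . '</a>';
}

// Page callback: allow-list the requested tab and print only escaped links.
function example_tabs_render() {
    $tabs    = array( 'general', 'display' );
    $current = isset( $_GET['tab'] ) ? sanitize_key( wp_unslash( $_GET['tab'] ) ) : 'general';
    if ( ! in_array( $current, $tabs, true ) ) {
        $current = 'general';
    }
    echo '<div class="wrap"><h1>Example Tabs</h1><p>';
    foreach ( $tabs as $tab ) {
        echo example_tab_link_safe( $tab ) . ' ';
    }
    echo '</p><p>Current tab: ' . esc_html( $current ) . '</p></div>';
}
```

When the URL goes into a redirect or a database field rather than HTML output, `esc_url_raw()` is the matching WordPress function.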