CVE-2024-9378

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 2, 2024
Updated: Oct 4, 2024
CWE ID 79

Summary

CVE-2024-9378 identifies a vulnerability in the YML for Yandex Market plugin for WordPress, affecting all versions up to 4.7.2, which is susceptible to Reflected Cross-Site Scripting (XSS) via the 'page' parameter due to inadequate input sanitization and output escaping. This flaw enables unauthenticated attackers to inject malicious scripts into web pages that can execute if users are manipulated into clicking on a link. To remediate this issue, it is recommended that users update the plugin to a version beyond 4.7.2, where the vulnerability has been addressed. The potential danger posed by this vulnerability includes low integrity and confidentiality impacts, but successful exploitation requires user interaction, making it a medium severity threat with an exploitability score of 2.8. Organizations utilizing this plugin should prioritize updating their systems to mitigate possible attacks that could result from this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share