CVE-2024-9451
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-9451 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Embed PDF Viewer plugin for WordPress. This issue, present in all versions up to and including 2.4.4, allows authenticated attackers with Contributor-level access or higher to inject malicious scripts into pages. The vulnerability stems from insufficient input sanitization and output escaping of the 'height' and 'width' parameters, causing the injected code to execute whenever a user accesses the affected page. This security flaw poses a significant risk, as successful exploitation can lead to unauthorized access, data theft, or site defacement. To mitigate this risk, it is recommended that users install the latest version of the plugin or consider removing it and replacing it with a more secure alternative.
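The root cause described above, insufficient sanitization and output escaping of shortcode dimension attributes, is illustrated by the following added example; it is not the Embed PDF Viewer plugin's own code. The shortcode name `demo_pdf`, its defaults, the pixel range and the function names are assumptions, and the code requires the WordPress API (`shortcode_atts`, `absint`, `esc_url`, `add_shortcode`).

```php
<?php
// Added illustration (hypothetical, not the plugin's code): a shortcode that
// embeds a PDF in an <iframe>. The first handler shows the vulnerable pattern,
// the second a hardened one for the same 'height' and 'width' attributes.

// Vulnerable pattern: attribute values taken from post content are concatenated
// into HTML without validation or escaping, so anyone who can place the
// shortcode (Contributor and above) controls the emitted attribute text.
function demo_pdf_shortcode_unsafe( $atts ) {
    $atts = shortcode_atts(
        array( 'url' => '', 'width' => '100%', 'height' => '600' ),
        $atts,
        'demo_pdf'
    );
    return '<iframe src="' . $atts['url'] . '" width="' . $atts['width']
        . '" height="' . $atts['height'] . '"></iframe>';
}

// Hardened pattern: validate by type (dimensions become bounded integers, so no
// markup can survive) and escape every value at the point of output.
function demo_pdf_shortcode_safe( $atts ) {
    $atts = shortcode_atts(
        array( 'url' => '', 'width' => 800, 'height' => 600 ),
        $atts,
        'demo_pdf'
    );

    // absint() reduces any input to a non-negative integer; clamp it to a
    // plausible pixel range (assumed limits) so oversized values are rejected too.
    $width  = min( 4000, max( 50, absint( $atts['width'] ) ) );
    $height = min( 4000, max( 50, absint( $atts['height'] ) ) );

    // esc_url() with an explicit protocol list drops non-http(s) schemes and
    // returns a value already safe for an HTML attribute.
    $url = esc_url( $atts['url'], array( 'http', 'https' ) );
    if ( '' === $url ) {
        return ''; // No safe URL to render; emit nothing rather than a broken frame.
    }

    // %d forces integer formatting, so the dimensions cannot carry quotes or tags.
    return sprintf(
        '<iframe src="%s" width="%d" height="%d"></iframe>',
        $url,
        $width,
        $height
    );
}

add_shortcode( 'demo_pdf', 'demo_pdf_shortcode_safe' );
```

The same check applies to any other shortcode attribute echoed into markup: decide the value's type first, then escape with the WordPress helper that matches the output context.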