CVE-2024-9610

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 11, 2024
CWE ID 79

Summary

CVE-2024-9610 identifies a vulnerability in the Language Switcher plugin for WordPress, affecting all versions up to and including 3.7.13. This vulnerability allows unauthenticated attackers to execute Reflected Cross-Site Scripting (XSS) by injecting malicious scripts if users are tricked into clicking on compromised links. The risk level is assessed as medium, with a CVSS base score of 6.1, indicating that while user interaction is required, the potential integrity and confidentiality impacts are low. To remediate this issue, it is advised to update the Language Switcher plugin to the latest version that addresses this security flaw. Organizations using affected versions should prioritize this update to mitigate the risk of exploitation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share