CVE-2024-9611
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-9611 is a reflected cross-site scripting (XSS) vulnerability in the Increase Upload File Size & Maximum Execution Time Limit plugin for WordPress, affecting all versions up to and including 2.0. An unauthenticated attacker can inject arbitrary web scripts into pages; the scripts execute only if a user is manipulated into clicking a link. The risk level is classified as medium, with a CVSS 3.1 score of 6.1; exploitation requires user interaction but no special privileges. To remediate this issue, update the plugin to a patched version or implement appropriate escaping for URL parameters. Left unaddressed, the vulnerability could lead to unauthorized actions being performed on behalf of users visiting affected sites, potentially compromising their data and security.