CVE-2024-9611
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-9611 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Increase upload file size & Maximum Execution Time limit plugin for WordPress. The flaw, present in all versions up to 2.0, arises because the plugin uses the add_query_arg function without properly escaping the resulting URL. This allows unauthenticated attackers to inject malicious web scripts into pages, provided they can trick a user into performing an action such as clicking a specially crafted link. Successful exploitation could lead to session hijacking, data theft, and unauthorized account access. Users are strongly advised to update the plugin to the latest version, or to disable it until a patch is available.
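A heuristic audit for this bug class, added here as an example and not taken from the plugin or the advisory: it flags add_query_arg and remove_query_arg calls that are not the direct argument of esc_url or esc_url_raw. Both functions fall back to the current request URI when no base URL is passed, so their unescaped output reflects request data. The PHP sample is constructed, and the function and constant names are hypothetical.

```python
import re

# WordPress URL builders that default to the current request URI when no
# base URL is passed, so their return value can carry request-supplied data.
URL_BUILDERS = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
# Accepted wrappers: esc_url for HTML output, esc_url_raw for redirects/storage.
# The wrapper must directly enclose the call (heuristic, single line only).
ESCAPERS = re.compile(r"\b(esc_url|esc_url_raw)\s*\(\s*$")


def find_unescaped_calls(php_source):
    """Return (line_number, function_name) for each URL-builder call that is
    not the direct argument of an escaping function. Hits need manual review:
    a value may still be escaped later, at the point of output."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        if line.strip().startswith(("//", "#", "*")):
            continue  # skip comment lines
        for match in URL_BUILDERS.finditer(line):
            prefix = line[:match.start()]
            if not ESCAPERS.search(prefix):
                findings.append((lineno, match.group(1)))
    return findings


# Constructed sample showing the risky pattern beside the escaped one.
SAMPLE_PHP = '''<?php
// constructed sample, not the plugin's code
$link = add_query_arg( 'tab', 'settings' );
echo '<a href="' . $link . '">Settings</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'general' ) ) . '">General</a>';
wp_safe_redirect( esc_url_raw( remove_query_arg( 'notice' ) ) );
printf( '<form action="%s">', remove_query_arg( 'updated' ) );
'''

if __name__ == "__main__":
    for lineno, func in find_unescaped_calls(SAMPLE_PHP):
        print(f"line {lineno}: {func}() result is not wrapped in esc_url()")
```

Run it over each PHP file of an installed plugin to build a review list; the fix for a confirmed hit is to wrap the value in esc_url() where it is written into the page.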