CVE-2024-9638
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Jan 7, 2025
CWE ID 79
Summary
CVE-2024-9638 is a vulnerability affecting the Category Posts Widget WordPress plugin before version 4.9.18. The issue allows high-privilege users, such as admin, to carry out Stored Cross-Site Scripting attacks. The plugin fails to sanitize and escape certain settings, so attackers can inject malicious scripts even when the unfiltered_html capability is restricted. This can lead to serious security implications, including unauthorized access or data theft. Users are advised to update the plugin to its latest version to mitigate this risk.
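A defender-side check for the affected version range above, as an added example that is not part of the original advisory or the plugin's code: it reads the standard WordPress plugin header from each main plugin file and flags Category Posts Widget installs older than 4.9.18. It assumes the header's Plugin Name matches the name used in the advisory; the sample header is constructed.

```python
import re
from pathlib import Path

FIXED = (4, 9, 18)                     # first fixed release, per the advisory
PLUGIN_NAME = "Category Posts Widget"  # name as written in the advisory (assumed to match the header)

# WordPress reads "Field: value" pairs from the comment header of the main plugin file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

SAMPLE = """<?php
/*
Plugin Name: Category Posts Widget
Version: 4.9.17
*/
"""  # constructed sample header, not the plugin's real file

def parse_header(php_source: str) -> dict:
    """Return lower-cased header fields from the first 8 KiB, the span WordPress scans."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.rstrip("*/ \t"))
    return fields

def version_tuple(version: str) -> tuple:
    """'4.9.18' -> (4, 9, 18); suffixes such as '-beta' are ignored."""
    parts = [re.match(r"\d+", p) for p in version.split(".")]
    return tuple(int(m.group()) if m else 0 for m in parts)

def is_affected(php_source: str) -> bool:
    """True when the header names the plugin and its version is below the fix."""
    h = parse_header(php_source)
    if h.get("plugin name", "").strip().lower() != PLUGIN_NAME.lower():
        return False
    if "version" not in h:
        return True  # no version in header: flag for manual review
    return version_tuple(h["version"]) < FIXED

def scan(plugins_dir: str) -> list:
    """List main plugin files under a wp-content/plugins directory that are affected."""
    return [str(f) for f in sorted(Path(plugins_dir).glob("*/*.php"))
            if is_affected(f.read_text(errors="replace"))]

if __name__ == "__main__":
    print(is_affected(SAMPLE))
```

Run `scan()` against each site's `wp-content/plugins` directory; on multisite, where unfiltered_html is restricted for site admins, any hit should be updated first.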