CVE-2024-9641
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Dec 12, 2024
Summary
CVE-2024-9641 is a vulnerability affecting the LuckyWP Table of Contents plugin for WordPress before version 2.1.7. It allows high-privilege users, such as administrators, to perform stored cross-site scripting (XSS) attacks, bypassing the unfiltered_html capability restriction, even in multisite setups. The plugin fails to sanitize and escape certain settings, enabling attackers to inject malicious scripts into pages and posts, potentially leading to unauthorized access or data theft.