CVE-2024-9656

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Oct 12, 2024
CWE ID 79

Summary

CVE-2024-9656 identifies a Stored Cross-Site Scripting vulnerability in the Mynx Page Builder plugin for WordPress, affecting all versions up to and including 0.27.8. This vulnerability arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Author-level access or higher to inject malicious web scripts that execute when users access SVG files. Organizations using this plugin may face a medium severity risk, with an exploitability score of 3.1, which could lead to low impacts on data integrity and confidentiality. To remediate this vulnerability, it is recommended that users update the Mynx Page Builder plugin to the latest version to ensure proper input validation measures are in place. Without remediation, the potential for exploitation could allow attackers to compromise site functionality and user trust.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share