CVE-2024-9667

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 5, 2024
Updated: Nov 8, 2024
CWE ID 79

Summary

CVE-2024-9667 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Seriously Simple Podcasting plugin for WordPress. Versions up to and including 3.5.0 are susceptible to this issue. The vulnerability arises due to the improper use of add_query_arg without sufficient escaping in plugin URLs. Consequently, unauthenticated attackers can inject malicious web scripts into pages, potentially tricking users into executing these scripts by clicking on specially crafted links. This could lead to serious security implications such as session hijacking, data theft, or even full site takeover.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share