CVE-2024-9670

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 12, 2024
Updated: Oct 15, 2024
CWE ID 79

Summary

CVE-2024-9670 identifies a vulnerability in the 2D Tag Cloud plugin for WordPress, where all versions up to and including 6.0.2 are susceptible to Reflected Cross-Site Scripting due to improper input handling with the add_query_arg function. This flaw allows unauthenticated attackers to inject malicious web scripts into web pages, potentially compromising user interactions if users click on crafted links. The severity of this vulnerability is rated as medium, with a CVSS base score of 6.1, indicating a low integrity and confidentiality impact but requiring user interaction for exploitation. To remediate this issue, users should update the plugin to the latest version that addresses this vulnerability. Organizations using affected products should take immediate action to mitigate risks associated with potential unauthorized script execution.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share