CVE-2024-9696
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2024-9696 is a Stored Cross-Site Scripting (XSS) vulnerability in the Rescue Shortcodes plugin for WordPress, affecting all versions up to and including 2.8. The flaw arises from inadequate input sanitization and output escaping of user-supplied attributes in the 'rescue_tab' shortcode. It allows authenticated attackers with contributor-level access or higher to inject malicious scripts that execute when a user views the affected page. The vulnerability is rated medium, with a CVSS base score of 6.4, indicating low integrity and confidentiality impact but requiring minimal privileges for exploitation. To remediate this issue, update the plugin to the latest version where the vulnerability has been addressed. Organizations using the affected plugin should be vigilant, as this vulnerability puts their web applications at risk by potentially compromising user data and trust.
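The bug class described above, shown as an added example that is not the Rescue Shortcodes plugin's code: a shortcode handler that interpolates attributes unescaped, next to a hardened version. The shortcode name `example_tab`, the attribute names `title` and `class`, and both function names are hypothetical, and the file is assumed to be loaded by WordPress as part of a plugin.

```php
<?php
// Added illustration; hypothetical handlers, not code from the affected plugin.

// Vulnerable pattern: attribute values typed by the post author are
// concatenated straight into HTML attribute context. Shortcodes are expanded
// at render time, so the handler is responsible for escaping its own output.
function example_tab_vulnerable( $atts, $content = null ) {
    $atts = shortcode_atts(
        array( 'title' => 'Tab', 'class' => '' ),
        $atts,
        'example_tab'
    );
    return '<div class="tab ' . $atts['class'] . '" data-title="' . $atts['title'] . '">'
        . do_shortcode( $content ) . '</div>';
}

// Hardened pattern: sanitize each attribute for its type on input,
// then escape for the exact output context when building markup.
function example_tab_hardened( $atts, $content = null ) {
    $atts = shortcode_atts(
        array( 'title' => 'Tab', 'class' => '' ),
        $atts,
        'example_tab'
    );

    // Reduce the class attribute to a list of valid CSS class tokens.
    $classes = array_filter(
        array_map( 'sanitize_html_class', preg_split( '/\s+/', $atts['class'] ) )
    );
    array_unshift( $classes, 'tab' );

    // Strip tags and control characters from the free-text title.
    $title = sanitize_text_field( $atts['title'] );

    return sprintf(
        '<div class="%s" data-title="%s">%s</div>',
        esc_attr( implode( ' ', $classes ) ), // attribute context
        esc_attr( $title ),                   // attribute context
        wp_kses_post( do_shortcode( $content ) ) // allow only post-safe HTML
    );
}

// Register only the hardened handler.
add_shortcode( 'example_tab', 'example_tab_hardened' );
```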