CVE-2024-9704

Summary

CVE-2024-9704 identifies a Stored Cross-Site Scripting vulnerability in the Social Sharing (by Danny) plugin for WordPress, affecting all versions up to and including 1.3.7. This vulnerability arises from inadequate input sanitization and output escaping on user-supplied attributes, allowing authenticated attackers with contributor-level access or higher to inject harmful web scripts that execute when users access compromised pages. The severity of this issue is rated as medium, with a CVSS base score of 6.4, indicating a low requirement for privileges and no user interaction needed for exploitation. Organizations using this plugin are urged to update to the latest version to mitigate the risks associated with this vulnerability. The potential danger includes unauthorized script execution, which could lead to data theft or manipulation within affected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.