CVE-2024-9706
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Dec 6, 2024
CWE ID 862
Summary
CVE-2024-9706 is a vulnerability affecting the Ultimate Coming Soon & Maintenance plugin for WordPress. This issue stems from a missing capability check on the ucsm_activate_lite_template_lite function, which is present in all versions up to 1.0.9. Consequently, unauthenticated attackers can manipulate the template used for the coming soon/maintenance page, posing a potential risk to website data integrity. This vulnerability requires immediate attention, and users are advised to update the plugin to a patched version as soon as possible.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share