CVE-2024-9776
CVSS 3.1 Score 4.4 of 10 (medium)
Details
Summary
CVE-2024-9776 identifies a vulnerability in the ImagePress – Image Gallery plugin for WordPress, affecting all versions up to 1.2.2. Because of insufficient input sanitization and output escaping in the plugin's admin settings, authenticated attackers with administrator-level permissions can carry out stored cross-site scripting (XSS) attacks. The issue particularly impacts multi-site installations and installations where unfiltered_html is disabled. To remediate this issue, users should update the plugin to the latest version that addresses the vulnerability. The potential danger includes the execution of arbitrary scripts on user-accessed pages. Security assessments rate the risk as medium, with an exploitability score of 1.3. Organizations should take immediate action to mitigate the risks associated with this vulnerability and protect their web applications and user data.