CVE-2024-9835

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Nov 12, 2024

Summary

CVE-2024-9835 is a vulnerability affecting the RSS Feed Widget plugin for WordPress. In versions before 3.0.1, the plugin does not properly escape the $_SERVER['REQUEST_URI'] parameter before outputting it back into an HTML attribute. This can lead to Reflected Cross-Site Scripting (XSS) in old web browsers that do not adequately handle XSS protection. An attacker could inject malicious scripts, potentially stealing sensitive user data or gaining unauthorized access. To mitigate this risk, users should promptly update the plugin to the latest version.
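The bug class described above, shown as an added example: it is not the plugin's own code, and the function names and sample URI are constructed for illustration. It uses plain PHP so it runs outside WordPress; inside WordPress the usual output-escaping helpers for this context are esc_attr() and esc_url().

```php
<?php
// Added illustration, not the RSS Feed Widget plugin's code.
// Function names and the sample URI below are constructed for this example.

// Vulnerable pattern: the raw request URI is concatenated into an attribute.
function render_form_unescaped(string $requestUri): string
{
    return '<form method="post" action="' . $requestUri . '"></form>';
}

// Hardened pattern: encode for the HTML attribute context at output time.
function render_form_escaped(string $requestUri): string
{
    // ENT_QUOTES encodes " and ' so the value cannot close the attribute;
    // ENT_SUBSTITUTE keeps invalid UTF-8 from producing an empty string.
    $safe = htmlspecialchars($requestUri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $safe . '"></form>';
}

// Parse the markup with an HTML parser and list the form's attributes.
function form_attributes(string $html): array
{
    libxml_use_internal_errors(true);   // keep parser warnings out of the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $form = $doc->getElementsByTagName('form')->item(0);
    $attrs = [];
    foreach ($form->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

// Constructed request URI containing a literal double quote and a benign marker.
$uri = '/feed/?page=1" data-injected="1';

// Unescaped: the quote in the URI closes the action value, so the parser
// sees the marker as a separate attribute on the form element.
print_r(form_attributes(render_form_unescaped($uri)));

// Escaped: the parser sees only method and action, and the action value
// is the full URI treated as inert text.
print_r(form_attributes(render_form_escaped($uri)));
```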
