CVE-2024-9837

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Oct 15, 2024
CWE ID 94

Summary

CVE-2024-9837 identifies a vulnerability in the AADMY – Add Auto Date Month Year Into Posts plugin for WordPress, affecting all versions up to and including 2.0.1. The issue arises from improper validation of user inputs, allowing unauthenticated attackers to execute arbitrary shortcodes through a network attack vector. This vulnerability has been rated with a base severity of HIGH and an exploitability score of 3.9, indicating that it poses significant risks to organizations using affected versions of the plugin. Remediation involves updating the plugin to the latest version, which addresses this security flaw. If exploited, the potential impact includes low integrity and confidentiality risks but could enable attackers to manipulate content on affected WordPress sites.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share