CVE-2024-9883

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Nov 5, 2024
Updated: Nov 6, 2024
CWE ID 79

Summary

CVE-2024-9883 is a vulnerability affecting the Pods WordPress plugin before version 3.2.7.1. The issue arises from insufficient sanitization and escaping of some settings within the plugin. High-privilege users, including admins, can exploit this flaw to execute Stored Cross-Site Scripting attacks, bypassing the restriction of the unfiltered_html capability, even in multisite setups. This vulnerability poses a significant risk, as successful exploitation could lead to unauthorized script injection and potential site takeover. It is recommended to update the Pods plugin to the latest version to mitigate this issue.
