CVE-2024-0381

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 18, 2024

Updated: Jan 24, 2024

CWE ID 79

Summary

CVE-2024-0381 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the WP Recipe Maker plugin for WordPress. This issue, present in versions 9.1.0 and below, allows authenticated attackers with contributor-level permissions and above to inject arbitrary web scripts. The vulnerability is located within the 'tag' attribute of the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes. Successful exploitation results in the execution of malicious scripts whenever a user accesses an injected page.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uFrBPB
https://www.cve.org/CVERecord?id=CVE-2024-0381
https://nvd.nist.gov/vuln/detail/CVE-2024-0381

Back to Vulnerability Database

CVE-2024-0381

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations