CVE-2024-0657

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published: Feb 9, 2024
Updated: Feb 15, 2024
CWE ID 79

Summary

CVE-2024-0657 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Internal Link Juicer: SEO Auto Linker plugin for WordPress. The flaw, present in all versions up to 2.23.4, allows authenticated attackers with administrator-level access to inject malicious scripts into admin settings such as 'ilj_settings_field_links_per_page'. Successful exploitation enables attackers to execute arbitrary web scripts whenever a user accesses an injected page. This poses a significant threat to multi-site installations and to installations where unfiltered_html has been disabled, because in those configurations site administrators are not otherwise allowed to post unfiltered HTML.
