CVE-2024-10482

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 21, 2024

Updated: Nov 22, 2024

Summary

CVE-2024-10482: This vulnerability affects the Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO WordPress plugin before version 1.5.0. It allows users with a minimal role of Author to upload malicious SVG files without proper sanitization. These SVG files could contain XSS (Cross-Site Scripting) payloads, posing a significant security risk for websites using this plugin. Unauthorized attackers could exploit this flaw to inject malicious code, potentially leading to data theft, site takeover, or other malicious activities. To mitigate this issue, users are advised to update to the latest plugin version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database