CVE-2024-11287
CVSS 3.1 Score 6.1 of 10 (medium)
Attack Complexity low
Scope changed
Confidentiality low
Integrity low
Availability none
Privileges Required none
Details
Published Dec 21, 2024
CWE ID 79
Summary
CVE-2024-11287 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Ebook Store plugin for WordPress. Versions up to 5.8001 are susceptible to this issue. The flaw lies in the use of add_query_arg without proper escaping, which allows unauthenticated attackers to inject malicious web scripts into URLs. An attacker can potentially execute these scripts by tricking a user into clicking on a specially crafted link. This vulnerability poses a significant security risk and should be addressed promptly by updating the plugin to a patched version.
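One way to look for the pattern the summary describes in plugin source, as an added example (not code from this advisory or from the Ebook Store plugin): a heuristic Python check that flags add_query_arg calls whose result is not wrapped in esc_url or esc_url_raw. It goes slightly beyond the summary by also covering the sibling WordPress function remove_query_arg, which needs the same escaping; the PHP sample and the helper names (audit, statement_start, enclosing_calls) are constructed for illustration.

```python
import re

# Heuristic, not a PHP parser: ';' or parentheses inside strings can mislead it.
CALL = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
# WordPress escapers for URLs: esc_url for output, esc_url_raw for redirects.
ESCAPERS = {"esc_url", "esc_url_raw"}
BOUNDARIES = (";", "{", "}", "<?php", "<?=")
OUTPUT = re.compile(r"(?:[;{}]|<\?php)\s*(?:echo|print|printf)\b|<\?=")

# Constructed sample input; this is not the Ebook Store plugin's code.
SAMPLE = """<?php
$next = add_query_arg( 'paged', 2 );
echo '<a href="' . add_query_arg( 'tab', 'orders' ) . '">Orders</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'orders' ) ) . '">Orders</a>';
wp_safe_redirect( esc_url_raw( remove_query_arg( 'msg' ) ) );
?>
<form action="<?= remove_query_arg( 'msg' ) ?>" method="post">
"""

def statement_start(src, pos):
    """Index of the nearest statement boundary before pos (0 if none)."""
    return max(0, max(src.rfind(tok, 0, pos) for tok in BOUNDARIES))

def enclosing_calls(src, start, pos):
    """Names of calls whose '(' is still open between start and pos."""
    names, depth = set(), 0
    for i in range(pos - 1, start - 1, -1):
        if src[i] == ")":
            depth += 1
        elif src[i] == "(" and depth:
            depth -= 1
        elif src[i] == "(":
            name = re.search(r"(\w+)\s*$", src[start:i])
            if name:
                names.add(name.group(1))
    return names

def audit(src):
    """Return (line, function, direct_output) for each unescaped call."""
    findings = []
    for m in CALL.finditer(src):
        start = statement_start(src, m.start())
        if enclosing_calls(src, start, m.start()) & ESCAPERS:
            continue  # already wrapped in an escaping function
        line = src.count("\n", 0, m.start()) + 1
        findings.append((line, m.group(1), bool(OUTPUT.match(src, start))))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A finding with direct_output set to False (such as the assignment on line 2 of the sample) still needs review, because the value may be printed later without escaping.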