CVE-2024-1296

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Mar 13, 2024

Summary

CVE-2024-1296 is a Stored Cross-Site Scripting vulnerability affecting the Brizy – Page Builder plugin for WordPress. This issue, present in all versions up to 2.4.40, stems from insufficient input sanitization and output escaping on user-supplied attributes during block uploads. Consequently, authenticated attackers with contributor-level permissions and above can inject arbitrary web scripts into pages. Execution of these scripts occurs whenever a user accesses the affected page.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ubSd4H
https://www.cve.org/CVERecord?id=CVE-2024-1296
https://nvd.nist.gov/vuln/detail/CVE-2024-1296

Back to Vulnerability Database

CVE-2024-1296

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations