CVE-2024-1496

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Feb 29, 2024

Summary

CVE-2024-1496 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Featured Image from URL (FIFU) plugin for WordPress. This issue allows authenticated attackers, including those with contributor access or higher, to inject malicious scripts into pages by exploiting insufficient input sanitization and output escaping in the fifu_input_url parameter. Successful exploitation results in the execution of arbitrary web scripts whenever a user accesses an injected page. Versions up to and including 4.6.2 of the FIFU plugin are vulnerable to this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uhJQwA
https://www.cve.org/CVERecord?id=CVE-2024-1496
https://nvd.nist.gov/vuln/detail/CVE-2024-1496

Back to Vulnerability Database

CVE-2024-1496

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations