CVE-2024-22287

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 31, 2024

Updated: Feb 29, 2024

CWE ID 352

Summary

CVE-2024-22287 is a newly discovered vulnerability affecting the Better Anchor Links plugin, versions n/a through 1.7.5. This issue combines two serious threats: Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS). The CSRF flaw enables an attacker to force a user into making unwanted actions on a website, while the XSS vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. The exploitation of both vulnerabilities together could lead to severe security consequences, including data theft or unauthorized access. It is highly recommended that users upgrade to the latest version of Better Anchor Links to mitigate these risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database