CVE-2024-2237

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Mar 13, 2024

CWE ID 78

Summary

CVE-2024-2237 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Premium Addons PRO plugin for WordPress. This issue, present in all versions up to and including 2.9.12, arises due to insufficient input sanitization and output escaping in the Global Badge module. Authenticated attackers with contributor-level access or higher can exploit this flaw to inject malicious web scripts into pages. These scripts will be executed whenever a user accesses an injected page, posing a significant threat to website security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Elecom

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uFvp3l
https://www.cve.org/CVERecord?id=CVE-2024-2237
https://nvd.nist.gov/vuln/detail/CVE-2024-2237

Back to Vulnerability Database

CVE-2024-2237

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations