CVE-2024-23517

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 10, 2024

Updated: Feb 16, 2024

CWE ID 79

Summary

CVE-2024-23517 is a Cross-site Scripting (XSS) vulnerability affecting the Scheduling Plugin – Online Booking for WordPress from versions n/a through 3.5.10. Maliciously crafted input can be improperly neutralized during web page generation, allowing attackers to execute stored XSS scripts on unsuspecting users' browsers, potentially stealing sensitive information or taking control of the user's account. This flaw poses a significant risk to WordPress websites utilizing the Scheduling Plugin – Online Booking and highlights the importance of keeping software up-to-date to mitigate such threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uLm8pD
https://www.cve.org/CVERecord?id=CVE-2024-23517
https://nvd.nist.gov/vuln/detail/CVE-2024-23517

Back to Vulnerability Database

CVE-2024-23517

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations