CVE-2024-2468

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 23, 2024

Updated: Mar 25, 2024

Summary

CVE-2024-2468 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the EmbedPress plugin for WordPress, specifically the 'embedpress_pro_twitch_theme' attribute in the EmbedPress widget. This issue, present in all versions up to 3.9.12, allows authenticated attackers with contributor-level access and above to inject malicious scripts. These scripts will execute whenever a user accesses an injected page, posing a significant security risk. The vulnerability stems from insufficient input sanitization and output escaping on user-supplied attributes.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Django

Affected Vendors

Django Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uScn53
https://www.cve.org/CVERecord?id=CVE-2024-2468
https://nvd.nist.gov/vuln/detail/CVE-2024-2468

Back to Vulnerability Database