CVE-2024-29925

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 27, 2024

CWE ID 79

Summary

CVE-2024-29925 is a Cross-site Scripting (XSS) vulnerability affecting the wpWax Post Grid, Slider & Carousel Ultimate plugin. The flaw, which allows Stored XSS attacks, lies in the plugin's input neutralization during web page generation. This issue puts users running versions 1.6.6 and older at risk, making it crucial for them to apply the necessary security updates as soon as possible. Attackers can exploit the vulnerability by injecting malicious scripts into a targeted website, potentially stealing user data or taking control of user sessions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vDQ1qe
https://www.cve.org/CVERecord?id=CVE-2024-29925
https://nvd.nist.gov/vuln/detail/CVE-2024-29925

Back to Vulnerability Database

CVE-2024-29925

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations