CVE-2024-3021

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published May 2, 2024

CWE ID 77

Summary

CVE-2024-3021 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Mhr Post Ticker plugin for WordPress. This issue, present in all versions up to 1.1, stems from insufficient input sanitization and output escaping in the Header Title value. Attackers with administrator-level access can exploit this flaw to inject arbitrary web scripts. These scripts will execute whenever a user accesses an injected page, posing a significant threat in multi-site installations and those where unfiltered_html has been disabled.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vJ_vvV
https://www.cve.org/CVERecord?id=CVE-2024-3021
https://nvd.nist.gov/vuln/detail/CVE-2024-3021

Back to Vulnerability Database

CVE-2024-3021

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations