CVE-2024-3167

Summary

CVE-2024-3167: The Ocean Extra plugin for WordPress, used by many sites, has a critical vulnerability. This issue allows authenticated attackers with contributor-level access or higher to inject malicious scripts via the 'twitter_username' parameter. The flaw, caused by inadequate input sanitization and output escaping, can result in the execution of arbitrary web scripts on affected pages, posing a significant security risk to WordPress users running versions up to and including 2.2.6. Immediate update to the latest plugin version is recommended to mitigate this Stored Cross-Site Scripting vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.