CVE-2024-33646

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Apr 29, 2024
CWE ID 352

Summary

CVE-2024-33646 is a high-severity vulnerability affecting the Toast Plugins Sticky Anything plugin through version 2.1.5. The issue combines two weaknesses: Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS). The CSRF weakness allows an attacker to make unauthorized requests on behalf of a user, while the XSS flaw lets the attacker introduce malicious scripts that can steal sensitive information or take control of a user's session. Attackers can exploit this weakness to launch various attacks, including account takeover and data theft. Users are strongly advised to update their Sticky Anything plugin to the latest version as soon as possible to mitigate the risks associated with this vulnerability.
