CVE-2024-34561

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published May 8, 2024

CWE ID 79

Summary

CVE-2024-34561 is a Cross-site Scripting (XSS) vulnerability affecting the Creative interactive media 3D FlipBook, PDF Viewer, and PDF Embedder plugins for WordPress. These plugins, from version n/a through 3.71, are susceptible to Stored XSS attacks due to improper neutralization of user inputs during web page generation. Successful exploitation could lead to arbitrary code injection, and potentially, unauthorized access or data theft from the affected website. Users are advised to update to the latest plugin version and apply additional security measures, such as Content Security Policy (CSP) headers, to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vzFugG
https://www.cve.org/CVERecord?id=CVE-2024-34561
https://nvd.nist.gov/vuln/detail/CVE-2024-34561

Back to Vulnerability Database

CVE-2024-34561

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations