CVE-2024-3973

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 7, 2024

CWE ID 522

CWE ID 256

Summary

CVE-2024-3973 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the House Manager WordPress plugin before version 1.0.8.5. This issue enables an attacker to inject malicious scripts into web pages viewed by other users, potentially exploiting high privilege users, such as admins, to gain unauthorized access or perform malicious actions. The plugin fails to sanitize and escape user input, allowing the attacker to manipulate the input data and execute scripts in the context of the vulnerable website.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

IBM Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/wspfu_
https://www.cve.org/CVERecord?id=CVE-2024-3973
https://nvd.nist.gov/vuln/detail/CVE-2024-3973

Back to Vulnerability Database

CVE-2024-3973

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations