CVE-2024-51650

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 19, 2024
CWE ID 352

Summary

CVE-2024-51650 is a newly discovered vulnerability affecting the Random Featured Post module by Scott @ MyDollarPlan.com, versions n/a through 1.1.3. The issue is a Cross-Site Request Forgery (CSRF) vulnerability combined with Stored Cross-Site Scripting (XSS). An attacker can exploit the CSRF vulnerability to execute malicious scripts in a victim's browser, while the Stored XSS allows the attacker to inject malicious scripts that execute in other users' browsers when they view the affected post. This puts users at risk of unauthorized actions, data theft, and other security threats. It is recommended that users upgrade to the latest version of the module or implement appropriate security measures to mitigate these risks.
