CVE-2024-51655

Summary

CVE-2024-51655 is a newly disclosed vulnerability that combines Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) attacks. Affecting Microkid Custom Author URL from undisclosed versions up to 2.0.1, an attacker could force unintended actions from a user, leading to data theft or website defacement via injected malicious scripts. This vulnerability poses a significant threat to sites utilizing this plugin and requires immediate patching to mitigate risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.