CVE-2024-6588

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Jul 12, 2024

Summary

CVE-2024-6588 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the PowerPress Podcasting plugin for WordPress by Blubrry. Versions up to and including 11.9.10 are impacted by this issue. The vulnerability stems from inadequate input sanitization and output escaping related to the ‘media_url’ parameter. Unauthenticated attackers can capitalize on this weakness by injecting arbitrary web scripts, which may lead to the execution of malicious code when users unwittingly trigger the action, such as clicking on a specially crafted link.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/w5kt4P
https://www.cve.org/CVERecord?id=CVE-2024-6588
https://nvd.nist.gov/vuln/detail/CVE-2024-6588

Back to Vulnerability Database

CVE-2024-6588

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations