CVE-2024-6651
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-6651 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the WordPress File Upload plugin before version 4.24.8. The plugin fails to sanitize and escape a user-supplied parameter, which allows an attacker to inject malicious code into web pages. The risk is significant, particularly for high-privilege users such as admins, who could be targeted for unauthorized access or data theft. An attacker exploits the flaw by tricking a user into clicking a specially crafted link, which causes the injected code to execute within that user's browser session. Users are advised to update the plugin to the latest version to prevent such attacks.