CVE-2024-6766

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 6, 2024

Summary

CVE-2024-6766 is a newly disclosed vulnerability affecting the Shortcodes Ultimate Pro plugin used in WordPress sites. The plugin does not validate or escape certain shortcode attributes, which allows users with the Contributor role and above to perform stored cross-site scripting (XSS) attacks. Attackers can manipulate these attributes to inject malicious scripts into the pages or posts where the shortcode is embedded, potentially compromising the entire site. The vulnerability affects all versions of the plugin below 7.2.1 and poses a significant threat to WordPress sites that have not yet applied the necessary patch.
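
The bug class described above, shown as an added example that is not code from Shortcodes Ultimate Pro: a shortcode handler that writes attributes into markup unchanged, next to a form that validates and escapes each one. The `demo_box` shortcode, its attribute names and both function names are hypothetical, and the file is assumed to be loaded as a plugin inside WordPress.

```php
<?php
/**
 * Plugin Name: Shortcode escaping demo (hypothetical, not Shortcodes Ultimate Pro code)
 */

// Unsafe pattern: attribute values typed by the post author are concatenated
// into markup unchanged, so they are stored with the post and rendered for
// every visitor. Shown for contrast only; it is never registered.
function demo_box_unescaped( $atts, $content = '' ) {
    $atts = shortcode_atts( array( 'class' => '', 'url' => '', 'title' => '' ), $atts );
    return '<a class="' . $atts['class'] . '" href="' . $atts['url'] . '" title="'
        . $atts['title'] . '">' . $content . '</a>';
}

// Hardened form: validate each attribute against what it is allowed to be,
// then escape it for the exact context it is written into.
function demo_box_escaped( $atts, $content = '' ) {
    $atts = shortcode_atts(
        array( 'class' => '', 'url' => '', 'title' => '' ),
        $atts,
        'demo_box'
    );

    // Class list: keep only characters that are valid in a CSS class name.
    $classes = array_filter(
        array_map( 'sanitize_html_class', preg_split( '/\s+/', $atts['class'] ) )
    );

    // URL: allow only http(s); esc_url() returns '' for any other scheme.
    $url = esc_url( $atts['url'], array( 'http', 'https' ) );
    if ( '' === $url ) {
        return ''; // Refuse to render rather than emit a link with no target.
    }

    return sprintf(
        '<a class="%s" href="%s" title="%s">%s</a>',
        esc_attr( implode( ' ', $classes ) ),
        $url,
        esc_attr( $atts['title'] ),
        wp_kses_post( $content ) // Enclosed content: post-safe HTML only.
    );
}

// Only the hardened handler is registered.
add_shortcode( 'demo_box', 'demo_box_escaped' );
```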
