CVE-2024-7084

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Aug 6, 2024

Updated: Nov 1, 2024

Summary

CVE-2024-7084 is a vulnerability affecting the Ajax Search Lite WordPress plugin before version 4.12.1. This issue allows users with an Admin+ role to execute Cross-Site Scripting (XSS) attacks due to insufficient sanitization and escaping of certain parameters. An attacker could inject malicious code into a website, leading to unintended actions or data theft. Users are advised to update to the latest plugin version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xNqezX
https://www.cve.org/CVERecord?id=CVE-2024-7084
https://nvd.nist.gov/vuln/detail/CVE-2024-7084

Back to Vulnerability Database

CVE-2024-7084

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations