CVE-2024-7302

Summary

CVE-2024-7302 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress. This flaw, present in all versions up to 7.5.4, can be exploited by authenticated attackers with author-level access or higher. By uploading specially crafted 3gp2 files, they can inject arbitrary web scripts that get executed whenever a user accesses the compromised file. This vulnerability poses a serious threat to WordPress websites using the Blog2Social plugin and could lead to unauthorized account takeover, data theft, and other malicious activities. It is strongly recommended to update the plugin to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.