CVE-2024-7355

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Aug 7, 2024
CWE ID 79

Summary

CVE-2024-7355 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Organization chart plugin for WordPress. The issue, present in versions up to 1.5.0, allows authenticated attackers with Subscriber-level access or higher to inject arbitrary web scripts via the 'title_input' and 'node_description' parameters. The injected scripts execute whenever a user accesses an injected page. By default, the vulnerability can be exploited only by administrators; however, the ability to configure charts can be granted to subscribers, potentially expanding the attack surface.
