CVE-2024-8046

Summary

CVE-2024-8046 identifies a Stored Cross-Site Scripting vulnerability in the Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress, affecting all versions up to and including 1.4.1. The vulnerability arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Author-level access or higher to inject malicious scripts into SVG files that execute when accessed by users. Organizations using this plugin are at risk of potential exploitation, which could compromise the integrity of their web pages and lead to unauthorized actions or data exposure. To remediate this issue, users should update to a patched version of the plugin as soon as possible. The CVSS base score for this vulnerability is rated at 6.4, indicating a medium severity level with low attack complexity and required privileges.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.