CVE-2024-8189

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published: Sep 28, 2024
Updated: Sep 30, 2024
CWE ID: 79

Summary

CVE-2024-8189 is a stored cross-site scripting (XSS) vulnerability in the WP MultiTasking – WP Utilities plugin for WordPress. It affects all versions up to and including 0.1.17 and is caused by inadequate input sanitization and output escaping on the ‘wpmt_menu_name’ parameter. Authenticated attackers with administrator-level access can inject stored scripts that execute when a user accesses an affected page. The issue poses a medium-severity risk to organizations using multi-site installations or installations where unfiltered HTML is disabled.

The confidentiality and integrity impacts are low, and the complexity of exploitation is high: it requires significant privileges but no user interaction. Remediation involves updating the plugin to a version beyond 0.1.17, which addresses these security flaws. Organizations using this plugin should prioritize the update to mitigate the associated risk.
