CVE-2024-8252

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 30, 2024
Updated: Sep 3, 2024
CWE ID 829
CWE ID 98

Summary

CVE-2024-8252 identifies a vulnerability in the Clean Login plugin for WordPress, affecting all versions up to and including 1.14.5. This Local File Inclusion vulnerability allows authenticated attackers with Contributor-level access to include and execute arbitrary files on the server, potentially leading to code execution and sensitive data exposure. Organizations using affected versions are advised to update the plugin to the latest version, which addresses this security flaw. The exploitability score of this vulnerability is rated at 2.8, with a base severity classified as high (8.8), highlighting significant risk if left unremedied. Without proper remediation, attackers could bypass access controls and severely impact the integrity and confidentiality of organizational data.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share