CVE-2024-8478

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Sep 10, 2024
CWE ID 94

Summary

CVE-2024-8478 is a vulnerability in the Affiliate Super Assistant plugin for WordPress that affects all versions up to and including 1.5.3. When the 'Parse comments' feature is enabled, unauthenticated attackers can execute arbitrary shortcodes via comments, creating a potential code execution risk for organizations using this plugin. The vulnerability is rated high severity with a CVSS base score of 7.3, reflecting significant risk and low requirements for exploitation: no user interaction or privileges are needed. To remediate this issue, users should update the plugin to a version beyond 1.5.3 in which this vulnerability has been addressed. Failure to act could result in unauthorized access and manipulation of web content, posing a security threat to affected systems.
