CVE-2024-8664

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 13, 2024

CWE ID 79

Summary

CVE-2024-8664 identifies a Reflected Cross-Site Scripting (XSS) vulnerability in the WP Test Email plugin for WordPress, affecting all versions up to and including 1.1.7. This flaw allows unauthenticated attackers to inject arbitrary web scripts into pages, which can execute when users interact with manipulated links. The vulnerability has a medium severity rating, with an exploitability score of 2.8, requiring user interaction but no special privileges. To remediate this issue, users are advised to update the WP Test Email plugin to a version beyond 1.1.7 where the vulnerability has been addressed. If exploited, this vulnerability poses risks such as data exposure and potential unauthorized actions on behalf of users within an organization’s web environment.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database