CVE-2024-8665

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 13, 2024
CWE ID 79

Summary

CVE-2024-8665 is a Reflected Cross-Site Scripting (XSS) vulnerability in the YITH Custom Login plugin for WordPress, affecting all versions up to and including 1.7.3. It is caused by improper escaping of URLs. The flaw allows unauthenticated attackers to inject malicious web scripts into pages, which can execute if a user is tricked into clicking a manipulated link. Remediation involves updating the plugin to a version beyond 1.7.3, where the vulnerability has been addressed. The vulnerability is rated medium, with an exploitability score of 2.8, and exploitation requires user interaction. Although its impact on confidentiality and integrity is low, successful exploitation can still compromise user sessions or perform actions on behalf of users.
