CVE-2024-8714

Summary

CVE-2024-8714 identifies a vulnerability in the SliceWP Affiliates plugin for WordPress, affecting all versions up to and including 1.1.20, which is susceptible to Reflected Cross-Site Scripting due to inadequate escaping on URLs. This flaw allows unauthenticated attackers to inject malicious web scripts, which can execute if users are tricked into interacting with compromised links. To remediate this issue, users should update the plugin to a version beyond 1.1.20 where the vulnerability is addressed. Given its medium severity rating (CVSS 6.1), the potential impact includes low confidentiality and integrity risks, requiring user interaction for exploitation. Organizations utilizing this plugin should prioritize updates to mitigate possible security breaches that could arise from this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.