CVE-2024-8722

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jan 19, 2025

CWE ID 79

Summary

CVE-2024-8722 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Import any XML or CSV File to WordPress PRO plugin for WordPress. This issue, present in all versions up to 4.9.7, permits authenticated attackers with Administrator-level access to inject malicious web scripts into SVG files. When a user accesses these files, the injected scripts will execute, posing a significant security risk. The root cause of this vulnerability lies in insufficient input sanitization and output escaping during SVG file uploads.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/yifFRh
https://www.cve.org/CVERecord?id=CVE-2024-8722
https://nvd.nist.gov/vuln/detail/CVE-2024-8722

Back to Vulnerability Database

CVE-2024-8722

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations