CVE-2024-8732
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-8732 is a Reflected Cross-Site Scripting (XSS) vulnerability in the Roles & Capabilities plugin for WordPress, affecting all versions up to and including 1.1.9. It allows unauthenticated attackers to inject arbitrary web scripts into web pages, potentially compromising users who are tricked into clicking malicious links. The vulnerability is rated medium severity, with an exploitability score of 2.8: a successful attack requires user interaction and has low impact on integrity and confidentiality. Remediation is to update the plugin to a version beyond 1.1.9 in which the vulnerability has been addressed. Organizations using the affected plugin are advised to take immediate action to mitigate the risk.