CVE-2024-8799
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-8799 is a reflected cross-site scripting (XSS) vulnerability in the Custom Banners plugin for WordPress, affecting all versions up to and including 3.3. It results from improper handling of URL parameters and allows unauthenticated attackers to inject malicious web scripts that execute if a user is deceived into clicking a link. Affected products include various extensions of the Custom Banners plugin (identified as zF8asX, zF8asW, zF8asY, and zF699i). To remediate this vulnerability, update the plugin to a version in which the issue has been addressed. The risk to organizations includes compromised user data and delivery of harmful content to end users; overall severity is categorized as medium, with low integrity and confidentiality impacts.