CVE-2024-8802

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 4, 2024
Updated: Oct 8, 2024
CWE ID 79

Summary

CVE-2024-8802 is a Reflected Cross-Site Scripting (XSS) vulnerability in the Clio Grow plugin for WordPress. It affects all versions up to and including 1.0.2 and is caused by improper escaping of URLs. Unauthenticated attackers can inject malicious web scripts into pages, and those scripts run if a user is misled into clicking an affected link. The attack vector is network-based and requires user interaction but no elevated privileges; the CVSS base score of 6.1 indicates medium severity. To remediate this issue, users should update the Clio Grow plugin to the latest version where this vulnerability has been addressed. Organizations using affected products may face risks related to data integrity and potential exploitation of user trust if the vulnerability is not mitigated promptly.
