CVE-2024-9368

Summary

CVE-2024-9368 identifies a vulnerability in the Aggregator Advanced Settings plugin for WordPress, affecting all versions up to and including 1.2.1, which is susceptible to Stored Cross-Site Scripting (XSS) through SVG file uploads due to inadequate input sanitization and output escaping. This vulnerability allows authenticated attackers with Author-level access or higher to inject malicious scripts into pages that execute when users access the compromised SVG files. To remediate this issue, organizations should update the plugin to the latest version that addresses this flaw. The potential danger posed by this vulnerability is categorized as medium severity, with an exploitability score of 3.1, primarily affecting integrity and confidentiality at a low level. Failure to address this vulnerability may lead to unauthorized script execution on user systems, compromising user data and trust in the affected website.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.