CVE-2024-9421

Summary

CVE-2024-9421 identifies a Stored Cross-Site Scripting vulnerability in the Login Logout Shortcode plugin for WordPress, affecting all versions up to and including 1.1.0. This vulnerability arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Contributor-level access or higher to inject malicious scripts into pages, which execute when users visit those pages. The potential impact rating for this vulnerability is medium, with a CVSS base score of 6.4, indicating low integrity and confidentiality impacts but a significant attack vector via network interactions. To remediate this issue, it is crucial for users of the affected plugin to update to the latest version that addresses this vulnerability. Organizations utilizing this plugin should prioritize patching to prevent exploitation that could compromise user data and site security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.