CVE-2024-9455

Summary

CVE-2024-9455 identifies a vulnerability in the WP Cleanup and Basic Functions plugin for WordPress, affecting all versions up to and including 2.2.1. This vulnerability arises from inadequate input sanitization and output escaping, enabling authenticated attackers with Author-level access or higher to perform Stored Cross-Site Scripting (XSS) via SVG file uploads. When exploited, this allows the injection of arbitrary web scripts that execute whenever a user accesses the compromised SVG file. To remediate this issue, it is recommended that users update to a patched version of the plugin. The potential danger includes low integrity and confidentiality impacts, which could lead to unauthorized actions or information exposure within affected organizations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.