CVE-2024-9839

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Nov 16, 2024

CWE ID 94

Summary

CVE-2024-9839 is a vulnerability affecting the Uix Slideshow plugin for WordPress. This issue, present in versions up to and including 1.6.5, allows unauthenticated attackers to execute arbitrary shortcodes due to insufficient validation of user-supplied data by the do_shortcode function. This vulnerability poses a significant risk, as attackers can potentially inject malicious code and take control of affected WordPress sites. Users are strongly urged to update to the latest version of the Uix Slideshow plugin to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/zYkyXA
https://www.cve.org/CVERecord?id=CVE-2024-9839
https://nvd.nist.gov/vuln/detail/CVE-2024-9839

Back to Vulnerability Database

CVE-2024-9839

CVSS 3.1 Score 7.3 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations