CVE-2024-9850

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Nov 16, 2024

CWE ID 79

Summary

CVE-2024-9850 is a Stored Cross-Site Scripting vulnerability affecting the SVG Case Study plugin for WordPress. This issue, present in all versions up to 1.0, allows authenticated attackers with Author-level access or higher to inject arbitrary web scripts. The vulnerability stems from insufficient input sanitization and output escaping during SVG file uploads. Successful exploitation enables the attacker to execute their scripts whenever a user accesses the infected SVG file.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/zY5pVK
https://www.cve.org/CVERecord?id=CVE-2024-9850
https://nvd.nist.gov/vuln/detail/CVE-2024-9850

Back to Vulnerability Database

CVE-2024-9850

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations