CVE-2024-9934
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-9934 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Wp-ImageZoom WordPress plugin up to version 1.1.0. The plugin fails to sanitize and escape certain parameters before outputting them back in the page. An attacker can exploit this flaw by injecting scripts into these parameters, potentially compromising high-privilege user accounts, such as admin accounts. This vulnerability poses a significant security risk and should be addressed promptly by updating to the latest plugin version or by switching to an alternative image zoom plugin with proven security features.