cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-9374,https://securityvulnerability.io/vulnerability/CVE-2024-9374,Unauthenticated Attackers Can Inject Arbitrary Web Scripts Via Reflected Cross-Site Scripting in WordPress's Terms Descriptions Plugin,"The Terms descriptions plugin for WordPress is susceptible to reflected cross-site scripting (XSS) vulnerabilities. This stems from the improper handling of user input via the add_query_arg function that lacks adequate escaping in the URL. As a consequence, unauthenticated attackers can exploit this vulnerability to inject arbitrary web scripts into affected pages. These scripts can execute when a user is misled into clicking a malicious link, posing significant risks to user data and website integrity. It is crucial for site administrators to carefully assess and update their plugins to mitigate potential exploit attempts.",Wordpress,Terms Descriptions,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-10-24T04:32:25.907Z,0