YaDisk Files Plugin Vulnerable to Stored XSS Attacks
CVE-2024-10709
Currently unrated
What is CVE-2024-10709?
The YaDisk Files WordPress plugin versions up to 1.2.5 is vulnerable due to insufficient validation and escaping of shortcode attributes. This flaw allows users with contributor roles and above to inject malicious scripts through an affected shortcode, leading to Stored Cross-Site Scripting (XSS) attacks. Such vulnerabilities can compromise user data and site integrity, elevating the risk of further exploitation if not addressed adequately. Admins of WordPress sites using this plugin are advised to evaluate their current version and implement necessary updates.