Stored Cross-Site Scripting Vulnerability in LuckyWP Table of Contents Plugin
CVE-2024-9641

Currently unrated

Key Information:

Vendor: WordPress

CVE Published: 12 December 2024

What is CVE-2024-9641?

The LuckyWP Table of Contents plugin for WordPress, in versions prior to 2.1.7, does not adequately sanitize and escape some of its settings. This can allow high-privilege users, such as administrators, to carry out Stored Cross-Site Scripting (XSS) attacks. The issue is particularly concerning in configurations where the 'unfiltered_html' capability is restricted, such as multisite environments. If the vulnerability is not addressed, malicious scripts may execute, compromising the security of affected WordPress installations.

Timeline

  • Vulnerability published
