Multiple WordPress Plugins Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-50445 CVSS:6.5

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Merkulove Selection Lite allows Stored XSS.

CVE-2024-50446 CVSS:6.5

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.

Impact

Cross-Site Scripting

Indicators of Compromise

CVE

CVE-2024-50445
CVE-2024-50446

Affected Vendors

WordPress

Affected Products

Merkulove Selection Lite - n/a
FuturioWP Futurio Extra - n/a

Remediation

Upgrade to the latest version, available from the WordPress Plugin Directory.

CVE-2024-50445

CVE-2024-50446

RustyStealer and New Ymir Ransomware Collaborate in Cyberattacks – Active IOCs

Bitter APT – Active IOCs

Multiple WordPress Plugins Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan