February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
RustyStealer and New Ymir Ransomware Collaborate in Cyberattacks – Active IOCs
November 12, 2024Bitter APT – Active IOCs
November 12, 2024RustyStealer and New Ymir Ransomware Collaborate in Cyberattacks – Active IOCs
November 12, 2024Bitter APT – Active IOCs
November 12, 2024
Severity
Medium
Analysis Summary
CVE-2024-50445 CVSS:6.5
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Merkulove Selection Lite allows Stored XSS.
CVE-2024-50446 CVSS:6.5
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.
Impact
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-50445
- CVE-2024-50446
Affected Vendors
WordPress
Affected Products
- Merkulove Selection Lite - n/a
- FuturioWP Futurio Extra - n/a
Remediation
Upgrade to the latest version, available from the WordPress Plugin Directory.