WordPress Conversios.io Plugin <= 6.5.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-46094

7.1HIGH

Key Information:

Vendor: WordPress
Status: Track Google Analytics 4, Facebook Pixel & Conversions Api Via Google Tag Manager For WooCommerce
Vendor: CVE Published:; 26 October 2023

Summary

An unauthenticated reflected Cross-Site Scripting (XSS) vulnerability exists in the Conversios Track Google Analytics 4, Facebook Pixel & Conversions API plugin for WooCommerce. This flaw allows an attacker to inject malicious scripts into web pages viewed by users. Successful exploitation could lead to session hijacking and other malicious activities, potentially compromising the integrity and confidentiality of user data.

Affected Version(s)

Track Google Analytics 4, Facebook Pixel & Con API via Google Tag Manager for WooCommerce <= 6.5.3

References

https://patchstack.com/database/vulnerability/enhanced-e-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 26, 2023
Vulnerability Reserved
Oct 16, 2023

Credit

Phd (Patchstack Alliance)